CVE-2016-10045
9.8 Critical
Published:
Last updated:
Source: cve@mitre.org
Modified
Weakness (CWE)
CVSS Vector
v3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Description
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
Exploits
40986 | 2017-01-02 | webapps | PHP
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - 'AIO' 'PwnScriptum' Remote Code Execution
By Dawid Golunski
References
Source: cve@mitre.org
- http://openwall.com/lists/oss-security/2016/12/28/1
- http://seclists.org/fulldisclosure/2016/Dec/81
- http://www.securityfocus.com/bid/95130
- http://www.securitytracker.com/id/1037533
- https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
- https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
- https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
- https://www.exploit-db.com/exploits/40969/
- https://www.exploit-db.com/exploits/40986/
- https://www.exploit-db.com/exploits/42221/

Source: af854a3a-2127-422b-91ae-364da2661108
- http://openwall.com/lists/oss-security/2016/12/28/1
- http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
- http://seclists.org/fulldisclosure/2016/Dec/81
- http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
- http://www.securityfocus.com/archive/1/539967/100/0/threaded
- http://www.securityfocus.com/bid/95130
- http://www.securitytracker.com/id/1037533
- https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
- https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
- https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
- https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
- https://www.exploit-db.com/exploits/40969/
- https://www.exploit-db.com/exploits/40986/
- https://www.exploit-db.com/exploits/42221/