CVE-2016-10045
PUBLISHED
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
Risk Scores
EPSS Score: 93.45% (99.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | libphp-phpmailer | 0, 5.2.10+dfsg-1, 5.2.14+dfsg-1 |
Timeline
- Dec 28, 2016 PoC Published
- Dec 30, 2016 CVE Published
- Jan 4, 2017 PoC Published
- Jun 22, 2017 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-10045 third-party-advisory
- https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html third-party-advisory
- http://openwall.com/lists/oss-security/2016/12/28/1 third-party-advisory
- http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html third-party-advisory
- http://seclists.org/fulldisclosure/2016/Dec/81 third-party-advisory
- https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html third-party-advisory
- https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20 third-party-advisory
- https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities third-party-advisory
- https://www.exploit-db.com/exploits/40969/ third-party-advisory
- https://ubuntu.com/security/notices/USN-5956-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-10045 third-party-advisory