CVE-2016-10074

Risk Scores

Affected Products

Exploit Intelligence

• http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html (nist-nvd)
• http://seclists.org/fulldisclosure/2016/Dec/86 (nist-nvd)
• https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html (nist-nvd)
• https://www.exploit-db.com/exploits/40972/ (nist-nvd)
• PHPMailer < 5.2.18 Remote Code Execution (github-poc)
• PHPMailer < 5.2.18 Remote Code Execution (github-poc)
• PHPMailer < 5.2.18 Remote Code Execution (github-poc)
• PHPMailer < 5.2.18 Remote Code Execution (github-poc)
• PHPMailer < 5.2.18 Remote Code Execution (github-poc)
• PHPMailer < 5.2.18 Remote Code Execution (github-poc)

…and 114 more exploits

Timeline

• Dec 29, 2016 PoC Published
• Dec 30, 2016 CVE Published
• Jun 22, 2017 PoC Published
• Feb 4, 2022 EPSS Score
• Mar 7, 2023 EPSS Score
• Mar 17, 2025 EPSS Score
• Mar 22, 2025 EPSS Score
• Mar 29, 2025 EPSS Score
• Apr 6, 2025 EPSS Score
• Apr 7, 2025 EPSS Score
• Apr 9, 2025 EPSS Score
• Apr 10, 2025 EPSS Score

References

• https://ubuntu.com/security/CVE-2016-10074 third-party-advisory
• https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html third-party-advisory
• http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html third-party-advisory
• http://seclists.org/fulldisclosure/2016/Dec/86 third-party-advisory
• https://github.com/swiftmailer/swiftmailer/blob/5.x/CHANGES third-party-advisory
• https://www.exploit-db.com/exploits/40972/ third-party-advisory
• https://www.cve.org/CVERecord?id=CVE-2016-10074 third-party-advisory