CVE-2016-10033

Published: Dec 30, 2016Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

Affected (3)

Products: Phpmailer Project: Phpmailer · Wordpress: Wordpress · Joomla: Joomla!

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpmailer Project Phpmailer	Before 5.2.18

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	Up to 4.7

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	From 1.5.0 to 3.6.5

Related CWEs

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References (43)

http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Dec/78

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/archive/1/539963/100/0/threaded

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/95108

Source: cve@mitre.org

Broken LinkExploitThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037533

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

Source: cve@mitre.org

PatchVendor Advisory

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://www.drupal.org/psa-2016-004

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/40968/

Source: cve@mitre.org

ExploitPatchThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40969/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40970/

Source: cve@mitre.org

ExploitPatchThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40974/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40986/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/41962/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/41996/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/42024/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/42221/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html