SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 9.8		CVSS Score : 7.5
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 5.9		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: HIGH

Reference:

SECTRACK-1037533

http://seclists.org/fulldisclosure/2016/Dec/81

http://www.securityfocus.com/archive/1/539967/100/0/threaded

http://openwall.com/lists/oss-security/2016/12/28/1

http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html

http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20

https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html


30430



423868



247862



909



194603



282