Vulnerability Name:

CVE-2016-10033 (CCN-120074)

Assigned:2016-12-26
Published:2016-12-26
Updated:2021-09-30
Summary:The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-77
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2016-10033

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

Source: CCN
Type: Full Disclosure mailing list, Mon, 26 Dec 2016 00:31:42 -0200
PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

Source: FULLDISC
Type: Mailing List, Patch, Third Party Advisory
20161227 PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

Source: MISC
Type: Exploit, Third Party Advisory
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20161227 PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]

Source: BID
Type: Exploit, Third Party Advisory, VDB Entry
95108

Source: CCN
Type: BID-95108
PHPMailer CVE-2016-10033 Remote Code Execution Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1037533

Source: CONFIRM
Type: Third Party Advisory
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

Source: XF
Type: UNKNOWN
phpmailer-cve201610033-code-exec(120074)

Source: CCN
Type: PHPMailer GIT Repository
PHPMailer

Source: CONFIRM
Type: Patch, Vendor Advisory
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18

Source: CONFIRM
Type: Patch, Vendor Advisory
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

Source: MISC
Type: Exploit, Patch, Third Party Advisory
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Source: CCN
Type: Packet Storm Security [12-26-2016]
PHPMailer 5.2.17 Remote Code Execution

Source: CCN
Type: Packet Storm Security [12-22-2016]
PHPMailer 5.2.17 Remote Code Execution

Source: CCN
Type: Packet Storm Security [12-29-2016]
PHPMailer Remote Code Execution

Source: CCN
Type: Packet Storm Security [01-03-2017]
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution

Source: CCN
Type: Packet Storm Security [01-04-2017]
PHPMailer Sendmail Argument Injection

Source: CONFIRM
Type: Third Party Advisory
https://www.drupal.org/psa-2016-004

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-26-2016]

Source: EXPLOIT-DB
Type: Exploit, Patch, Third Party Advisory, VDB Entry
40968

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-27-2016]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
40969

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-25-2016]

Source: EXPLOIT-DB
Type: Exploit, Patch, Third Party Advisory, VDB Entry
40970

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-29-2016]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
40974

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
40986

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
41962

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
41996

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-17-2017]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
42024

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
42221

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-10033

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:* (Version < 5.2.18)

    • Configuration 2:
  • cpe:/a:wordpress:wordpress:*:*:*:*:*:*:*:* (Version <= 4.7)

    • Configuration 3:
  • cpe:/a:joomla:joomla!:*:*:*:*:*:*:*:* (Version >= 1.5.0 and <= 3.6.5)

    • Configuration CCN 1:
  • cpe:/a:phpmailer_project:phpmailer:5.2.17:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.cisecurity:def:1697
    P
    		DSA-3750-2 -- libphp-phpmailer -- security update
    2017-02-10
    oval:org.cisecurity:def:1695
    P
    		DSA-3750-1 -- libphp-phpmailer -- security update
    2017-02-10
    oval:com.ubuntu.artful:def:201610033000
    V
    		CVE-2016-10033 on Ubuntu 17.10 (artful) - medium.
    2016-12-30
    oval:com.ubuntu.disco:def:2016100330000000
    V
    		CVE-2016-10033 on Ubuntu 19.04 (disco) - medium.
    2016-12-30
    oval:com.ubuntu.trusty:def:201610033000
    V
    		CVE-2016-10033 on Ubuntu 14.04 LTS (trusty) - medium.
    2016-12-30
    oval:com.ubuntu.cosmic:def:2016100330000000
    V
    		CVE-2016-10033 on Ubuntu 18.10 (cosmic) - medium.
    2016-12-30
    oval:com.ubuntu.bionic:def:201610033000
    V
    		CVE-2016-10033 on Ubuntu 18.04 LTS (bionic) - medium.
    2016-12-30
    oval:com.ubuntu.xenial:def:201610033000
    V
    		CVE-2016-10033 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-12-30
    oval:com.ubuntu.bionic:def:2016100330000000
    V
    		CVE-2016-10033 on Ubuntu 18.04 LTS (bionic) - medium.
    2016-12-30
    oval:com.ubuntu.cosmic:def:201610033000
    V
    		CVE-2016-10033 on Ubuntu 18.10 (cosmic) - medium.
    2016-12-30
    oval:com.ubuntu.xenial:def:2016100330000000
    V
    		CVE-2016-10033 on Ubuntu 16.04 LTS (xenial) - medium.
    2016-12-30
    oval:com.ubuntu.precise:def:201610033000
    V
    		CVE-2016-10033 on Ubuntu 12.04 LTS (precise) - medium.
    2016-12-30
    BACK
    phpmailer_project phpmailer *
    wordpress wordpress *
    joomla joomla! *
    phpmailer_project phpmailer 5.2.17