Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
typo3TYPO3 AssociationTYPO3-EXT-SA-2017-006
HistoryJul 11, 2017 - 12:00 a.m.

Remote Code Execution in extension "PHPMailer" (bb_phpmailer)

2017-07-1100:00:00
TYPO3 Association
typo3.org
617

0.967 High

EPSS

Percentile

99.6%

JSON

It has been discovered that the extension “PHPMailer” (bb_phpmailer) is susceptible to Remote Code Execution.

Release Date: July 11, 2017

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: version 1.73.1 and below

Vulnerability Type: Remote Code Execution

Severity: Low

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:O/RC:C (What’s that?)

CVE: not assigned yet

Problem Description: The extension uses an old version of PHPMailer, which is known to be vulnerable to Remote Code Execution (CVE-2016-10045).

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author is no longer maintaining this extension. Please uninstall and delete the extension from your installation.

Credits: Credits go to Clemens Riccabona who discovered and reported the vulnerability.

General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

CPENameOperatorVersion
bb_phpmailerle1.73.1

Related

typo3 2
joomla 4
checkpoint_advisories 1
fedora 2
rapid7blog 1
packetstorm 6
attackerkb 1
openvas 10
ubuntucve 2
osv 6
nessus 20
debian 5
threatpost 2
myhack58 2
freebsd 2
zdt 3
prion 1
veracode 1
debiancve 1
alpinelinux 1
seebug 2
f5 1
exploitpack 3
github 2
cve 1
altlinux 1
exploitdb 3
thn 1
ubuntu 2
archlinux 1
typo3
typo3
Remote Code Execution in extension "AH Sendmail" (ah_sendmail)
2017-07-11 00:00:00
Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)
2017-07-11 00:00:00
joomla
joomla
Chronoforms 5.0.13 PHP mailer vulnerability
2016-12-30 00:00:00
AcyMailing 5.6.0 PHP Mailer vulnerability
2016-12-28 00:00:00
Jomres 9.8.22 and previous PHPMailer vulnerability
2016-12-31 00:00:00
checkpoint_advisories
checkpoint_advisories
PHPMailer Mail From Remote Code Execution (CVE-2016-10033; CVE-2016-10045)
2016-12-27 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: php-PHPMailer-5.2.21-1.fc25
2017-01-06 04:52:02
[SECURITY] Fedora 24 Update: php-PHPMailer-5.2.22-1.fc24
2017-01-17 20:21:44
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-07-01 18:44:47
packetstorm
packetstorm
PHPMailer Sendmail Argument Injection
2017-01-04 00:00:00
SmartJobBoard 5.0.9 Cross Site Scripting / Information Disclosure
2017-04-04 00:00:00
PHPMailer Remote Code Execution
2016-12-28 00:00:00
attackerkb
attackerkb
CVE-2016-10033
2016-12-30 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3750-1)
2017-01-05 00:00:00
Debian: Security Advisory (DSA-3750)
2023-03-08 00:00:00
Debian Security Advisory DSA 3750-1 (libphp-phpmailer - security update)
2017-01-05 00:00:00
ubuntucve
ubuntucve
CVE-2016-10033
2016-12-30 00:00:00
CVE-2016-10045
2016-12-30 00:00:00
osv
osv
Remote code execution in PHPMailer
2020-03-05 22:09:17
CVE-2016-10045
2016-12-30 19:59:00
CVE-2016-10033
2016-12-30 19:59:00
nessus
nessus
Fedora 25 : php-PHPMailer (2016-6941d25875)
2017-01-06 00:00:00
Debian DSA-3750-1 : libphp-phpmailer - security update
2017-01-03 00:00:00
F5 Networks BIG-IP : PHPMailer vulnerability (K73926196)
2017-05-19 00:00:00
debian
debian
[SECURITY] [DLA 770-1] libphp-phpmailer security update
2016-12-31 14:24:48
[SECURITY] [DSA 3750-1] libphp-phpmailer security update
2016-12-31 10:48:11
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update
2017-01-03 18:31:58
threatpost
threatpost
PHPMailer Bug Leaves Millions of Websites Open to Attack
2016-12-27 13:22:54
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities
2016-12-29 14:20:38
myhack58
myhack58
WordPress 4.6 remote code execution vulnerability-vulnerability warning-the black bar safety net
2017-05-05 00:00:00
PhpMailer and SwiftMailer, the ZendMail successive exposure of the RCE high-risk vulnerabilities, affecting millions of Web servers-vulnerability warning-the black bar safety net
2017-01-05 00:00:00
freebsd
freebsd
phpmailer -- Remote Code Execution
2016-12-28 00:00:00
moodle -- multiple vulnerabilities
2017-01-17 00:00:00
zdt
zdt
PHPMailer Sendmail Argument Injection Exploit
2017-01-04 00:00:00
PHPMailer 5.2.20 - Remote Code Execution Exploit
2016-12-28 00:00:00
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution Exploit
2017-06-22 00:00:00
prion
prion
Command injection
2016-12-30 19:59:00
veracode
veracode
Remote Code Execution (RCE)
2017-07-26 01:24:02
debiancve
debiancve
CVE-2016-10045
2016-12-30 19:59:00
alpinelinux
alpinelinux
CVE-2016-10045
2016-12-30 19:59:00
seebug
seebug
PHPMailer < 5.2.20 Remote Code Execution (0day Patch Bypass/exploit) (CVE-2016-10045)
2016-12-29 00:00:00
WordPress Core 4.6 - Unauthenticated Remote Code Execution
2017-05-04 00:00:00
f5
f5
K73926196 : PHPMailer vulnerability CVE-2016-10045
2017-02-13 00:00:00
exploitpack
exploitpack
PHPMailer 5.2.20 - Remote Code Execution
2016-12-27 00:00:00
PHPMailer 5.2.20 SwiftMailer 5.4.5-DEV Zend Framework zend-mail 2.4.11 - AIO PwnScriptum Remote Code Execution
2017-01-02 00:00:00
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution
2017-06-21 00:00:00
github
github
Remote code execution in PHPMailer
2020-03-05 22:09:17
Remote code execution in PHPMailer
2020-03-05 22:09:14
cve
cve
CVE-2016-10045
2016-12-30 19:59:00
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.26.050-alt1
2016-12-26 00:00:00
exploitdb
exploitdb
PHPMailer &lt; 5.2.20 - Remote Code Execution
2016-12-27 00:00:00
PHPMailer &lt; 5.2.20 with Exim MTA - Remote Code Execution
2017-06-21 00:00:00
PHPMailer &lt; 5.2.20 / SwiftMailer &lt; 5.4.5-DEV / Zend Framework / zend-mail &lt; 2.4.11 - &#039;AIO&#039; &#039;PwnScriptum&#039; Remote Code Execution
2017-01-02 00:00:00
thn
thn
Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail
2017-01-02 23:45:00
ubuntu
ubuntu
PHPMailer vulnerability
2023-03-15 00:00:00
PHPMailer vulnerabilities
2023-03-15 00:00:00
archlinux
archlinux
[ASA-201701-22] wordpress: multiple issues
2017-01-15 00:00:00

0.967 High

EPSS

Percentile

99.6%

JSON
Related for TYPO3-EXT-SA-2017-006
typo32joomla4checkpoint_advisories1fedora2rapid7blog1packetstorm6attackerkb1openvas10ubuntucve2osv6nessus20debian5threatpost2myhack582freebsd2zdt3prion1veracode1debiancve1alpinelinux1seebug2f51exploitpack3github2cve1altlinux1exploitdb3thn1ubuntu2archlinux1