9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
PHPMailer is vulnerable to remote code execution (RCE) attacks. It is possible because it uses escapeshellcmd()
which does not properly escape the injected extra parameters through the sendmailSend()
function. Using this flaw, attackers can inject parameters and launch the execution of arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
phpmailer/phpmailer | le | 5.2.19 |
packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
seclists.org/fulldisclosure/2016/Dec/78
www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
www.securityfocus.com/archive/1/539963/100/0/threaded
www.securityfocus.com/bid/95108
www.securitytracker.com/id/1037533
developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
github.com/advisories/GHSA-5f37-gxvh-23v6
github.com/namepros/PHPMailer/commit/53289e663f8dcfb8b180a28834ede87ac94bf77b
github.com/opsxcq/exploit-CVE-2016-10033
github.com/PHPMailer/PHPMailer/blob/master/changelog.md
github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
legalhackers.com/
legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html
www.drupal.org/psa-2016-004
www.exploit-db.com/exploits/40968/
www.exploit-db.com/exploits/40969/
www.exploit-db.com/exploits/40970/
www.exploit-db.com/exploits/40974/
www.exploit-db.com/exploits/40986/
www.exploit-db.com/exploits/41962/
www.exploit-db.com/exploits/41996/
www.exploit-db.com/exploits/42024/
www.exploit-db.com/exploits/42221/
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P