CVEブラウザに戻る

CVE-2016-10033

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score91.7380%

EPSS Percentile94.64th

Published2016年12月30日

Last Modified2026年4月21日

Vulnerability Description

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

Affected Platforms (CPE)

📦

Phpmailer Project

Phpmailer

< 5.2.18

📦

Wordpress

Wordpress

<= 4.7

📦

Joomla

Joomla\!

>= 1.5.0 and <= 3.6.5

References & Advisories

🔗 http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

🔗 http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

🔗 http://seclists.org/fulldisclosure/2016/Dec/78

🔗 http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

🔗 http://www.securityfocus.com/archive/1/539963/100/0/threaded

🔗 http://www.securityfocus.com/bid/95108

🔗 http://www.securitytracker.com/id/1037533

🔗 https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

関連する脆弱性情報

CVE-2008-561910.0

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alp...

CVE-2016-100459.8

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and cons...

CVE-2020-363269.8

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: th...

CVE-2018-192968.8

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.