CVE-2016-10045

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.1640%
EPSS Percentile: 9.88th
Published: December 30, 2016
Last Modified: May 6, 2026

Vulnerability Description

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

Affected Platforms (CPE)

Phpmailer Project / Phpmailer: < 5.2.20
Wordpress / Wordpress: <= 4.7
Joomla / Joomla!: >= 1.5.0 and <= 3.6.5

References & Advisories
