Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-10045: Command Injection in Project Phpmailer

Severity: 9.8 CRITICAL (NVD)
EPSS: 93.4% (top 0.19%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 30; latest update Mar 15

Description

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

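The description above is terse about the mechanism. escapeshellarg() turns each single quote in the sender into the sequence '\'' and then wraps the whole value in single quotes; mail() then runs its fifth argument through escapeshellcmd() internally (as the PHP manual documents), which backslash-escapes the backslash inside that sequence, so the single-quoted region ends early and an embedded space splits the rest into separate sendmail arguments. The PHP below is an added example, not code from the cvebase page or from PHPMailer: it reproduces both escaping layers offline on constructed sender addresses and shows the argv that would reach sendmail under the pre-5.2.18 code, under the 5.2.18/5.2.19 escapeshellarg() fix, and under an allowlist check of the kind the 5.2.20 release moved to. The function names and the allowlist regex are mine; the two hostile addresses are constructed to resemble the public PoCs, and /var/www/cache/x.php is a placeholder path.

```php
<?php
// Added example, not PHPMailer's own code: how the envelope sender reaches sendmail
// through PHP's mail() and why wrapping it in escapeshellarg() did not close the hole.
// Assumes Linux/Unix escapeshellarg() (single quotes). mail()'s fifth argument is
// documented as being passed through escapeshellcmd() internally, so escapeshellcmd()
// is used below to reproduce that step.

// Pre-5.2.18: the sender goes straight into mail()'s extra-parameters string.
function paramsUnescaped(string $sender): string
{
    return sprintf('-f%s', $sender);
}

// 5.2.18 / 5.2.19: the fix this CVE calls incorrect.
function paramsEscapeshellarg(string $sender): string
{
    return sprintf('-f%s', escapeshellarg($sender));
}

// Allowlist in the spirit of the 5.2.20 change (my own version, not PHPMailer's): only
// characters inert in every common shell; anything else and no -f is passed at all.
function isShellSafe(string $s): bool
{
    return preg_match('/^[A-Za-z0-9@_.-]+$/', $s) === 1;
}

function paramsAllowlisted(string $sender): ?string
{
    return isShellSafe($sender) ? sprintf('-f%s', $sender) : null;
}

// Minimal POSIX sh word splitter (single quotes, double quotes, backslashes, whitespace)
// so the argv sendmail would receive can be inspected without running anything.
function shellSplit(string $cmd): array
{
    $words = []; $cur = ''; $inWord = false; $len = strlen($cmd);
    for ($i = 0; $i < $len; $i++) {
        $c = $cmd[$i];
        if ($c === "'") {                      // everything up to the next ' is literal
            $end = strpos($cmd, "'", $i + 1);
            if ($end === false) throw new RuntimeException('unterminated single quote');
            $cur .= substr($cmd, $i + 1, $end - $i - 1);
            $i = $end;
            $inWord = true;
        } elseif ($c === '"') {                // backslash escapes only \ " $ ` inside
            for ($i++; $i < $len && $cmd[$i] !== '"'; $i++) {
                if ($cmd[$i] === '\\' && $i + 1 < $len && strpos('\\"$`', $cmd[$i + 1]) !== false) $i++;
                $cur .= $cmd[$i];
            }
            if ($i >= $len) throw new RuntimeException('unterminated double quote');
            $inWord = true;
        } elseif ($c === '\\') {               // unquoted backslash: next char is literal
            if ($i + 1 < $len) $cur .= $cmd[++$i];
            $inWord = true;
        } elseif ($c === ' ' || $c === "\t") { // unquoted whitespace ends the word
            if ($inWord) { $words[] = $cur; $cur = ''; $inWord = false; }
        } else {
            $cur .= $c;
            $inWord = true;
        }
    }
    if ($inWord) $words[] = $cur;
    return $words;
}

// What /bin/sh sees after mail()'s internal escapeshellcmd() pass.
function argvSeenBySendmail(string $params): array
{
    return shellSplit(escapeshellcmd($params));
}

// Constructed sample senders. The hostile ones are shaped like the public PoCs: a quoted
// local part (RFC 5321 permits spaces inside the quotes) smuggling sendmail's -X option,
// which logs the session to a file of the caller's choosing.
$senders = [
    'benign'         => 'alice@example.com',
    // value: "attacker\" -oQ/tmp/ -X/var/www/cache/x.php "@example.com
    'CVE-2016-10033' => '"attacker\" -oQ/tmp/ -X/var/www/cache/x.php "@example.com',
    // value: "attacker\' -oQ/tmp/ -X/var/www/cache/x.php "@example.com
    'CVE-2016-10045' => '"attacker\\\' -oQ/tmp/ -X/var/www/cache/x.php "@example.com',
];

foreach ($senders as $label => $sender) {
    echo "== $label\n";
    $variants = ['unescaped' => paramsUnescaped($sender), 'escapeshellarg' => paramsEscapeshellarg($sender)];
    foreach ($variants as $how => $params) {
        $argv = argvSeenBySendmail($params);
        printf("  %-15s %d arg(s): %s\n", $how, count($argv), json_encode($argv, JSON_UNESCAPED_SLASHES));
    }
    $safe = paramsAllowlisted($sender);
    printf("  %-15s %s\n", 'allowlisted', $safe === null ? 'REJECTED, no -f passed' : "1 arg(s): [\"$safe\"]");
}
```

Run it with `php example.php`. With these inputs the unescaped variant splits the CVE-2016-10033 address into four sendmail arguments but keeps the CVE-2016-10045 address as one; the escapeshellarg() variant does the reverse, which is exactly the gap the second CVE describes. The allowlist rejects both hostile senders and passes only the benign one. It also rejects legitimate addresses that use `+` tags or quoted local parts; that is the deliberate trade-off: when the sender cannot be shown to be shell-safe, send without a -f override instead of trying to escape it.
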
CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

Packagist: phpmailer/phpmailer, 5.0.0 – 5.2.18 (+1)
NVD: joomla/joomla_!, 1.5.0 – 3.6.5

Patches

🔴 Vulnerability Details (8)

OSV: libphp-phpmailer vulnerability (2023-03-15)
OSV: libphp-phpmailer vulnerabilities (2023-03-15)
OSV: Remote code execution in PHPMailer (2020-03-05)
OSV: Remote code execution in PHPMailer (2020-03-05)
GHSA: Remote code execution in PHPMailer (2020-03-05)

💥 Exploits & PoCs (5)

Exploit-DB: PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution (2017-06-21)
Exploit-DB: PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - 'AIO' 'PwnScriptum' Remote Code Execution (2017-01-02)
Exploit-DB: PHPMailer < 5.2.20 - Remote Code Execution (2016-12-27)
Exploit-DB: PHPMailer < 5.2.19 - Sendmail Argument Injection (Metasploit) (2016-12-26)
Metasploit: PHPMailer Sendmail Argument Injection

📋 Vendor Advisories (3)

Ubuntu: PHPMailer vulnerabilities (2023-03-15)
Ubuntu: PHPMailer vulnerability (2023-03-15)
Debian: CVE-2016-10045: libphp-phpmailer - The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to ... (2016)

💬 Community (2)

Bugzilla: CVE-2016-10045 phpmailer: Parameter injection via mail() function (2017-01-11)
Bugzilla: CVE-2016-10033 phpmailer: Parameter injection via mail() function (2017-01-02)
CVE-2016-10045 — Command Injection in Project Phpmailer | cvebase