Vulnerability identifier: #VU3118

Vulnerability risk: High

CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2016-10033

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 23

• August 7, 2022
  • exploit-CVE-2016-10033 (PHPMailer < 5.2.18 Remote Code Execution) [Github]
• April 27, 2020
  • CVE_2016-10033 (Exploiting PHPMail with back connection (reverse shell) from the target) [Github]
• April 7, 2020
  • exploit-CVE-2016-10034 (PHPMailer < 5.2.18 Remote Code Execution) [Github]
  • CVE_2016-10033 (Exploiting PHPMail with back connection (reverse shell) from the target) [Github]
  • Exploits (Containing Self Made Perl Reproducers / PoC Codes) [Github]
• March 18, 2020
  • CVE-2016-10033 (WordPress 4.6 - Remote Code Execution (RCE) PoC Exploit) [Github]
  • CVE-2016-10033 (PHPMailer < 5.2.18 Remote Code Execution Exploit ) [Github]
  • exploit-CVE-2016-10033 (PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container) [Github]
  • Alien-Framework (Alien-Framework, it is a framework with many CVE exploits and tools to use in pen-testing.) [Github]
  • PHPMailer < 5.2.18 - Remote Code Execution (Bash) [Exploit-DB]
  • PHPMailer Sendmail Argument Injection [Metasploit]
  • WordPress PHPMailer Host Header Command Injection [Metasploit]
  • CVE-2016-10033 (RCE against WordPress 4.6; Python port of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html) [Github]
  • PHPMailer < 5.2.18 - Remote Code Execution (PHP) [Exploit-DB]
  • PHPMailer < 5.2.20 - Remote Code Execution [Exploit-DB]
  • PHPMailer < 5.2.18 - Remote Code Execution (Python) [Exploit-DB]
  • PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution [Exploit-DB]
  • WordPress 4.6 - Unauthenticated Remote Code Execution [Exploit-DB]
  • Vanilla Forums < 2.3 - Remote Code Execution [Exploit-DB]
  • WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) [Exploit-DB]
  • PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution [Exploit-DB]
  • cve-2016-10033-45 (Exploits CVE-2016-10033 and CVE-2016-10045) [Github]
  • CVE-2016-10033 (Code and vulnerable WordPress container for exploiting CVE-2016-10033) [Github]

Impact: Code execution

Vulnerable software:
PHPMailer
Web applications / Other software

Vendor: phpmailer.sourceforge.net