Main Vulnerability Database Exploits ID:8221 - Exploit for Remote code injection in PHPMailer - CVE-2016-10033

ID:8221 - Exploit for Remote code injection in PHPMailer - CVE-2016-10033

Published: August 7, 2022

Vulnerability identifier: #VU3118

Vulnerability risk: High

CVE-ID: CVE-2016-10033

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
PHPMailer

Link to public exploit:

https://github.com/zeeshanbhattined/exploit-CVE-2016-10033

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied input passed via specially crafted “From” address to mailSend() function. A remote attacker can use backslashed double quote character (e.g. \") to pass additional commands to original mail command and execute them with privileges of the current web server user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install the latest version 5.2.21 from vendor's website.

ID:8221 - Exploit for Remote code injection in PHPMailer - CVE-2016-10033

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human