CVE-2016-10034

high-risk
Published 2016-12-30

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.

Do I need to act?

!
82.3% chance of exploitation in next 30 days
EPSS score — higher than 18% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
3 public exploits available
40986, 42221, 40979
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (10)

Affected Vendors

Zend

References (16)

Third Party Advisory http://www.securityfocus.com/bid/95144
http://www.securitytracker.com/id/1037539
Exploit https://framework.zend.com/security/advisory/ZF2016-04
Exploit https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-E...
https://security.gentoo.org/glsa/201804-10
https://www.exploit-db.com/exploits/40979/
https://www.exploit-db.com/exploits/40986/
https://www.exploit-db.com/exploits/42221/
Third Party Advisory http://www.securityfocus.com/bid/95144
http://www.securitytracker.com/id/1037539
Exploit https://framework.zend.com/security/advisory/ZF2016-04
Exploit https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-E...
https://security.gentoo.org/glsa/201804-10
https://www.exploit-db.com/exploits/40979/
https://www.exploit-db.com/exploits/40986/
https://www.exploit-db.com/exploits/42221/
68
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 16/34 · Moderate