CVE-2016-10045
high-risk
Published 2016-12-30
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
Do I need to act?
!
93.4% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: efde5edb3da8e1d257e030e3c2d922c4de6e5d09
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Vendors
References (30)
Mailing List
http://openwall.com/lists/oss-security/2016/12/28/1
Mailing List
http://seclists.org/fulldisclosure/2016/Dec/81
Third Party Advisory
http://www.securityfocus.com/archive/1/539967/100/0/threaded
Third Party Advisory
http://www.securitytracker.com/id/1037533
Third Party Advisory
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-adv...
Third Party Advisory
https://www.exploit-db.com/exploits/40986/
Third Party Advisory
https://www.exploit-db.com/exploits/42221/
Mailing List
http://openwall.com/lists/oss-security/2016/12/28/1
Mailing List
http://seclists.org/fulldisclosure/2016/Dec/81
and 10 more references
61
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
20/34 · Moderate
Exposure
9/34 · Low