CVE-2016-10033 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
phpmailer_project	phpmailer	𝑥 < 5.2.18
wordpress	wordpress	𝑥 ≤ 4.7
joomla	joomla\!	1.5.0 ≤ 𝑥 ≤ 3.6.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libphp-phpmailer

bullseye	6.2.0-2 fixed
bookworm	6.6.3-1 fixed
sid	6.9.1-1 fixed
trixie	6.9.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libphp-phpmailer

jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	not-affected
zesty	not-affected
yakkety	ignored
xenial	Fixed 5.2.14+dfsg-1ubuntu0.1~esm1 released
trusty	dne
precise	ignored

Known Exploits!

Common Weakness Enumeration

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References

http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

http://seclists.org/fulldisclosure/2016/Dec/78

http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

http://www.securityfocus.com/archive/1/539963/100/0/threaded

http://www.securityfocus.com/bid/95108

http://www.securitytracker.com/id/1037533

https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18

https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://www.drupal.org/psa-2016-004

https://www.exploit-db.com/exploits/40968/

https://www.exploit-db.com/exploits/40969/

https://www.exploit-db.com/exploits/40970/

https://www.exploit-db.com/exploits/40974/

https://www.exploit-db.com/exploits/40986/

https://www.exploit-db.com/exploits/41962/

https://www.exploit-db.com/exploits/41996/

https://www.exploit-db.com/exploits/42024/

https://www.exploit-db.com/exploits/42221/

http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

http://seclists.org/fulldisclosure/2016/Dec/78

http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

http://www.securityfocus.com/archive/1/539963/100/0/threaded

http://www.securityfocus.com/bid/95108

http://www.securitytracker.com/id/1037533

https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18

https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://www.drupal.org/psa-2016-004

https://www.exploit-db.com/exploits/40968/

https://www.exploit-db.com/exploits/40969/

https://www.exploit-db.com/exploits/40970/

https://www.exploit-db.com/exploits/40974/

https://www.exploit-db.com/exploits/40986/

https://www.exploit-db.com/exploits/41962/

https://www.exploit-db.com/exploits/41996/

https://www.exploit-db.com/exploits/42024/

https://www.exploit-db.com/exploits/42221/