CVE-2016-10045 in PHPMailerinfo

Summary

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

12/26/2016

Disclosure

12/30/2016

Moderation

VulDB entry created

Entries

VDB-94704 (1)

CPE

ready

CWE

CWE-77 (Confirmed)

Exploit

Download

CVSS

8.5

EPSS

0.00000

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-10045
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-10045
CVE Details	https://www.cvedetails.com/cve/CVE-2016-10045/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!