CVSS: 9.8EPSS: 96%CPEs: 3EXPL: 9CVE-2016-10045 – PHPMailer Sendmail Argument Injection
https://notcve.org/view.php?id=CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. El transporte isMail en PHPMailer en versiones anteriores a 5.2.20 podrían permitir a atacantes remotos pasar parámetros extra al comando de correo y consecuentemente ejecutar código arbitrario aprovechando una interacción inapropiada entre la función escapeshellarg y un escape interno realizado en la función mail en PHP. NOTA: esta vulnerabilidad existe debido a una incorrecta reparación de CVE-2016-10033. • https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 http://openwall.com/lists/oss-security/2016/12/28/1 http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html http://seclists.org/fulldisclosure/2016/Dec/81 http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection http://www.securityfocus& • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 97%CPEs: 3EXPL: 26CVE-2016-10033 – WordPress PHPMailer Host Header Command Injection
https://notcve.org/view.php?id=CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobles) en una propiedad Sender manipulada. PHPMailer version 5.2.17 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/41962 https://www.exploit-db.com/exploits/42024 https://www.exploit-db.com/exploits/41996 https://www.exploit-db.com/exploits/40974 https://www.exploit-db.com/exploits/42221 https://www.exploit-db.com/exploits/40970 https://www.exploit-db.com/exploits/40968 https://www.exploit-db.com/exploits/40969 https://www.exploit-db.com/exploits/40986 https://github.com/opsxcq/exploit-CVE-2016-10033 https://github.com/GeneralTesler/CVE- • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8476
https://notcve.org/view.php?id=CVE-2015-8476
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796. Múltiples vulnerabilidades de inyección CRLF en PHPMailer en versiones anteriores a 5.2.14 permite a atacantes inyectar comandos SMTP arbitrarios a través de secuencias CRLF en (1) una dirección de correo electrónico de la función validateAddress en class.phpmailer.php o (2) un comando SMTP de la función sendCommand en class.smtp.php, una vulnerabilidad diferente a CVE-2012-0796. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177130.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177139.html http://www.debian.org/security/2015/dsa-3416 http://www.openwall.com/lists/oss-security/2015/12/04/5 http://www.openwall.com/lists/oss-security/2015/12/05/1 http://www.securityfocus.com/bid/78619 https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 https://github.com/PHPMailer/PHPMailer/releases/tag& • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2007-3215
https://notcve.org/view.php?id=CVE-2007-3215
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. PHPMailer 1.7, cuando está configurado para utilizar sendmail, permite a atacantes remotos ejecutar comandos del intérprete de comandos (shell) a través de los metacaracterés del intérprete de comandos en la función SendmailSend en class.phpmailer.php. • http://larholm.com/2007/06/11/phpmailer-0day-remote-execution http://osvdb.org/37206 http://osvdb.org/76139 http://seclists.org/fulldisclosure/2011/Oct/223 http://secunia.com/advisories/25626 http://secunia.com/advisories/25755 http://secunia.com/advisories/25758 http://securityreason.com/securityalert/2802 http://sourceforge.net/project/shownotes.php?release_id=517428&group_id=157374 http://www.debian.org/security/2007/dsa-1315 http://www.securityfocus.com/archive/1/471065&# •
CVSS: 5.0EPSS: 13%CPEs: 1EXPL: 3CVE-2005-1807 – PHPMailer 1.7 - 'Data()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-1807
The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. • https://www.exploit-db.com/exploits/25752 http://seclists.org/lists/bugtraq/2005/May/0337.html http://secunia.com/advisories/15543 http://secunia.com/advisories/18732 http://secunia.com/advisories/25726 http://securitytracker.com/id?1014069 http://sourceforge.net/project/shownotes.php?release_id=341210&group_id=26031 http://www.cybsec.com/vuln/PHPMailer-DOS.pdf http://www.securityfocus.com/bid/13805 http://www.vupen.com/english/advisories/2006/0448 http://www.vupen.com& •