// For flags

CVE-2016-10033

WordPress PHPMailer Host Header Command Injection

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

26
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

La función mailSend en el transporte isMail en PHPMailer en versiones anteriores a 5.2.18 podrían permitir a atacantes remotos pasar parámetros extra al comando mail y consecuentemente ejecutar código arbitrario a través de una \" (barra invertida comillas dobles) en una propiedad Sender manipulada.

PHPMailer version 5.2.17 suffers from a remote code execution vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-22 CVE Reserved
  • 2016-12-26 CVE Published
  • 2016-12-26 First Exploit
  • 2024-07-14 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
References (36)
URL Tag Source
http://www.securityfocus.com/archive/1/539963/100/0/threaded Broken Link
http://www.securitytracker.com/id/1037533 Broken Link
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html Third Party Advisory
https://www.drupal.org/psa-2016-004 Third Party Advisory
https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html
https://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions
URL Date SRC
https://www.exploit-db.com/exploits/41962 2024-08-06
https://www.exploit-db.com/exploits/42024 2024-08-06
https://www.exploit-db.com/exploits/41996 2024-08-06
https://www.exploit-db.com/exploits/40974 2024-08-06
https://www.exploit-db.com/exploits/42221 2024-08-06
https://www.exploit-db.com/exploits/40970 2024-08-06
https://www.exploit-db.com/exploits/40968 2024-08-06
https://www.exploit-db.com/exploits/40969 2024-08-06
https://www.exploit-db.com/exploits/40986 2024-08-06
https://github.com/opsxcq/exploit-CVE-2016-10033 2019-10-13
https://github.com/GeneralTesler/CVE-2016-10033 2017-05-10
https://github.com/chipironcin/CVE-2016-10033 2017-06-12
https://github.com/0x00-0x00/CVE-2016-10033 2018-02-09
https://github.com/ElnurBDa/CVE-2016-10033 2024-05-16
https://github.com/Bajunan/CVE-2016-10033 2017-05-19
https://github.com/j4k0m/CVE-2016-10033 2021-08-31
https://github.com/Astrowmist/POC-CVE-2016-10033 2024-06-06
https://github.com/zeeshanbhattined/exploit-CVE-2016-10033 2019-10-13
https://github.com/liusec/WP-CVE-2016-10033 2017-07-22
http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html 2024-08-06
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html 2024-08-06
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection 2024-08-06
http://www.securityfocus.com/bid/95108 2024-08-06
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html 2024-08-06
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/phpmailer_arg_injection.rb 2016-12-26
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb 2017-05-03
URL Date SRC
http://seclists.org/fulldisclosure/2016/Dec/78 2024-02-14
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 2024-02-14
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities 2024-02-14
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phpmailer Project
Search vendor "Phpmailer Project"
 Phpmailer
Search vendor "Phpmailer Project" for product "Phpmailer"
 < 5.2.18
Search vendor "Phpmailer Project" for product "Phpmailer" and version " < 5.2.18"
-
Affected
Wordpress
Search vendor "Wordpress"
 Wordpress
Search vendor "Wordpress" for product "Wordpress"
 <= 4.7
Search vendor "Wordpress" for product "Wordpress" and version " <= 4.7"
-
Affected
Joomla
Search vendor "Joomla"
 Joomla\!
Search vendor "Joomla" for product "Joomla\!"
 >= 1.5.0 <= 3.6.5
Search vendor "Joomla" for product "Joomla\!" and version " >= 1.5.0 <= 3.6.5"
-
Affected