CVE-2016-10045
CRITICAL9.8EPSS 93.1%Remote code execution in PHPMailer
發布日:2020/3/5修改日:2025/11/19
描述
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
受影響套件(3)
- Alpine/php5-phpmailerfrom 0, < 5.2.0-r1
- Alpine/php-phpmailerfrom 0, < 5.2.4-r0
- Packagist/phpmailer/phpmailer>= 5.0.0, < 5.2.20
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(17)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-10045
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-10045
- PATCHhttps://github.com/PHPMailer/PHPMailer
- WEBhttp://openwall.com/lists/oss-security/2016/12/28/1
- WEBhttp://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
- WEBhttp://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
- WEBhttps://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
- WEBhttp://seclists.org/fulldisclosure/2016/Dec/81
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10045.yaml
- WEBhttps://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
- WEBhttps://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
- WEBhttps://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
- WEBhttps://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
- WEBhttps://www.exploit-db.com/exploits/40969
- WEBhttps://www.exploit-db.com/exploits/40986
- WEBhttps://www.exploit-db.com/exploits/42221
- WEBhttp://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection