PT-2016-4560 · Php+4 · Phpmailer+4

Dawid Golunski

Publicado

2016-12-29

Atualizado

2025-07-13

CVE-2016-10033

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHPMailer versions prior to 5.2.18 Wordpress version 4.6

Description The issue allows remote attackers to execute arbitrary code. This can be achieved by passing extra parameters to the mail command via a crafted Sender property in PHPMailer. There is a potential for remote code execution in Wordpress 4.6.

Recommendations For PHPMailer versions prior to 5.2.18, update to version 5.2.18 or later to resolve the issue. For Wordpress version 4.6, update to a newer version to mitigate the risk of remote code execution.

Exploit

Correção

Argument Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-88CWE-77

Identificadores relacionados

ALT-PU-2016-2512

ALT-PU-2017-1015

ALT-PU-2023-1810

ALT-PU-2023-1837

BDU:2025-11542

CVE-2016-10033

DLA-770-1

DSA-3750-1

DSA-3750-2

GHSA-4PC3-96MX-WWC8

GHSA-5F37-GXVH-23V6

MGASA-2017-0022

USN-5956-1

Produtos afetados

Alt Linux

Linuxmint

Phpmailer

Ubuntu

Wordpress

PT-2016-4560 · Php+4 · Phpmailer+4

CVE-2016-10033

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 86