PT-2016-4567 · Php+3 · Phpmailer+3

Dawid_Golunski

Publicado

2016-12-29

Atualizado

2023-03-15

CVE-2016-10045

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHPMailer versions prior to 5.2.20

Description The issue is related to the isMail transport in PHPMailer, where improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code.

Recommendations For versions prior to 5.2.20, update to version 5.2.20 or later to resolve the issue. As a temporary workaround, consider restricting the use of the isMail transport until a patch is available.

Exploit

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

ALT-PU-2016-2512

CVE-2016-10045

DSA-3750-1

DSA-3750-2

GHSA-4PC3-96MX-WWC8

USN-5956-1

Produtos afetados

Alt Linux

Linuxmint

Phpmailer

Ubuntu

PT-2016-4567 · Php+3 · Phpmailer+3

CVE-2016-10045

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 46