CVE-2016-10033

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHPMailer versions prior to 5.2.18 Wordpress version 4.6

Description The issue allows remote attackers to execute arbitrary code. This can be achieved by passing extra parameters to the mail command via a crafted Sender property in PHPMailer. There is a potential for remote code execution in Wordpress 4.6.

Recommendations For PHPMailer versions prior to 5.2.18, update to version 5.2.18 or later to resolve the issue. For Wordpress version 4.6, update to a newer version to mitigate the risk of remote code execution.

Exploit

Fix

Argument Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88CWE-77

Related Identifiers

ALT-PU-2016-2512

ALT-PU-2017-1015

ALT-PU-2023-1810

ALT-PU-2023-1837

BDU:2025-11542

CVE-2016-10033

DLA-770-1

DSA-3750-1

DSA-3750-2

GHSA-4PC3-96MX-WWC8

GHSA-5F37-GXVH-23V6

MGASA-2017-0022

USN-5956-1

Affected Products

Alt Linux

Linuxmint

Phpmailer

Ubuntu

Wordpress

CVE-2016-10033

Weakness Enumeration

Related Identifiers

Affected Products

References · 86