Vulnerability Details : CVE-2016-10045
Public exploit exists!
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
Vulnerability category: Execute code
Threat overview for CVE-2016-10045
Top countries where our scanners detected CVE-2016-10045
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-10045 28
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-10045!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-10045
Probability of exploitation activity in the next 30 days: 96.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-10045
-
PHPMailer Sendmail Argument Injection
Disclosure Date: 2016-12-26First seen: 2020-04-26exploit/multi/http/phpmailer_arg_injectionPHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This
CVSS scores for CVE-2016-10045
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-10045
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10045
-
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-BypassExploit;Patch;Third Party Advisory
-
http://seclists.org/fulldisclosure/2016/Dec/81
Full Disclosure: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)Mailing List;Patch;Third Party Advisory
-
https://www.exploit-db.com/exploits/42221/
PHPMailer < 5.2.20 with Exim MTA - Remote Code ExecutionThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/95130
PHPMailer CVE-2016-10045 Incomplete Fix Remote Code Execution VulnerabilityExploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/539967/100/0/threaded
SecurityFocusThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1037533
PHPMailer Input Validation Flaw Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
PHPMailer Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
Release PHPMailer 5.2.20 · PHPMailer/PHPMailer · GitHubPatch;Vendor Advisory
-
https://www.exploit-db.com/exploits/40986/
PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - 'AIO' 'PwnScriptum' Remote Code ExecutionThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/40969/
PHPMailer < 5.2.20 - Remote Code ExecutionExploit;Third Party Advisory;VDB Entry
-
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
PHPMailer Sendmail Argument InjectionExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
PHPMailer Sendmail Argument Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://openwall.com/lists/oss-security/2016/12/28/1
oss-security - Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]Mailing List;Patch
-
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
[20161205] - PHPMailer Security AdvisoryThird Party Advisory
-
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
About the CVE 2016 10033 and CVE 2016 10045 vulnerabilities · PHPMailer/PHPMailer Wiki · GitHubPatch;Vendor Advisory
Products affected by CVE-2016-10045
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
- cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*