CVE-2016-10033

Scores

EPSS

0.944High94.4%

0%20%40%60%80%100%

Percentile: 94.4%

CVSS

9.8Critical3.x

0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x

9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \” (backslash double quote) in a crafted Sender property.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debiannvdubuntu

CWEs

CWE-88

Exploits

Exploit ID: 40968

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40968

Exploit ID: 40969

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40969

Exploit ID: 40970

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40970

Exploit ID: 40974

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40974

Exploit ID: 40986

Source: exploitdb

URL: https://www.exploit-db.com/exploits/40986

Exploit ID: 41962

Source: exploitdb

URL: https://www.exploit-db.com/exploits/41962

Exploit ID: 41996

Source: exploitdb

URL: https://www.exploit-db.com/exploits/41996

Exploit ID: 42024

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42024

Exploit ID: 42221

Source: exploitdb

URL: https://www.exploit-db.com/exploits/42221

Exploit ID: CVE-2016-10033

Source: github-poc

URL: https://github.com/sealldeveloper/CVE-2016-10033-PoC

Vulnerable Software (18)

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu artful 17.10

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu bionic 18.04

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu cosmic 18.10

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu disco 19.04

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu eoan 19.10

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu focal 20.04

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu groovy 20.10

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu hirsute 21.04

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu impish 21.10

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Product: libphp-phpmailer

Operating System: ubuntu jammy 22.04

Trait:

{
  "unaffected": true
}

Source: ubuntu

Type: Configuration

Vendor: joomla

Product: joomla!

Operating System: * * *

Trait:

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
      "versionEndIncluding": "3.6.5",
      "versionStartIncluding": "1.5.0",
      "vulnerable": true
    }
  ...

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
      "versionEndIncluding": "3.6.5",
      "versionStartIncluding": "1.5.0",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Type: Configuration

Vendor: phpmailer_project

Product: phpmailer

Operating System: * * *

Trait:

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "5.2.18",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Type: Configuration

Vendor: wordpress

Product: wordpress

Operating System: * * *

Trait:

{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
      "versionEndIncluding": "4.7",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2016-10033

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Exploits

Vulnerable Software (18)