Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
friendsofphpOpenJS FoundationFRIENDSOFPHP:PHPMAILER:PHPMAILER:CVE-2016-10045
HistoryDec 28, 2016 - 12:28 p.m.

Remote Code Execution

2016-12-2812:28:04
OpenJS Foundation
github.com
10

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.967

Percentile

99.7%

JSON

Important security update! This release patches the critical vulnerability described in CVE-2016-10045 a remote code execution vulnerability, responsibly reported by Dawid Golunski, and patched by Paul Buonopane (@Zenexer). Possible side effect - complex sender addresses (such as those used in VERP addressing) may no longer work. We advise switching to the SMTP transport if you need that functionality, and it offers higher performance anyway. Please update your systems as soon as possible. Additional notes on this incident are available in the PHPMailer wiki. Note that the vulnerability described in here likely affects many other projects in a similar way, so please practice responsible disclosure, and help project maintainers fix security issues.

Affected configurations

Vulners
Node
phpmailerphpmailerRange<5.2.20
VendorProductVersionCPE
phpmailerphpmailer*cpe:2.3:a:phpmailer:phpmailer:*:*:*:*:*:*:*:*

Related

typo3 3
joomla 4
exploitdb 4
packetstorm 6
openvas 10
fedora 2
checkpoint_advisories 1
rapid7blog 1
attackerkb 1
nessus 20
zdt 3
debian 5
veracode 1
alpinelinux 1
prion 1
debiancve 1
ubuntucve 2
osv 6
cvelist 1
threatpost 2
f5 1
seebug 2
exploitpack 3
github 2
cve 1
freebsd 2
metasploit 1
nvd 1
myhack58 2
altlinux 1
thn 1
ubuntu 2
archlinux 1
typo3
typo3
Remote Code Execution in extension "AH Sendmail" (ah_sendmail)
2017-07-11 00:00:00
Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)
2017-07-11 00:00:00
Remote Code Execution in extension "PHPMailer" (bb_phpmailer)
2017-07-11 00:00:00
joomla
joomla
Chronoforms 5.0.13 PHP mailer vulnerability
2016-12-30 00:00:00
AcyMailing 5.6.0 PHP Mailer vulnerability
2016-12-28 00:00:00
Jomres 9.8.22 and previous PHPMailer vulnerability
2016-12-31 00:00:00
exploitdb
exploitdb
PHPMailer &lt; 5.2.20 - Remote Code Execution
2016-12-27 00:00:00
PHPMailer &lt; 5.2.20 with Exim MTA - Remote Code Execution
2017-06-21 00:00:00
PHPMailer &lt; 5.2.20 / SwiftMailer &lt; 5.4.5-DEV / Zend Framework / zend-mail &lt; 2.4.11 - &#039;AIO&#039; &#039;PwnScriptum&#039; Remote Code Execution
2017-01-02 00:00:00
packetstorm
packetstorm
PHPMailer Sendmail Argument Injection
2017-01-04 00:00:00
PHPMailer Remote Code Execution
2016-12-28 00:00:00
SmartJobBoard 5.0.9 Cross Site Scripting / Information Disclosure
2017-04-04 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3750-1)
2017-01-05 00:00:00
Debian: Security Advisory (DSA-3750)
2023-03-08 00:00:00
PHPMailer < 5.2.20 RCE Vulnerability
2016-12-29 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: php-PHPMailer-5.2.21-1.fc25
2017-01-06 04:52:02
[SECURITY] Fedora 24 Update: php-PHPMailer-5.2.22-1.fc24
2017-01-17 20:21:44
checkpoint_advisories
checkpoint_advisories
PHPMailer Mail From Remote Code Execution (CVE-2016-10033; CVE-2016-10045)
2016-12-27 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-07-01 18:44:47
attackerkb
attackerkb
CVE-2016-10033
2016-12-30 00:00:00
nessus
nessus
Debian DSA-3750-1 : libphp-phpmailer - security update
2017-01-03 00:00:00
F5 Networks BIG-IP : PHPMailer vulnerability (K73926196)
2017-05-19 00:00:00
Fedora 25 : php-PHPMailer (2016-6941d25875)
2017-01-06 00:00:00
zdt
zdt
PHPMailer Sendmail Argument Injection Exploit
2017-01-04 00:00:00
PHPMailer 5.2.20 - Remote Code Execution Exploit
2016-12-28 00:00:00
PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution Exploit
2017-06-22 00:00:00
debian
debian
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update
2017-01-03 18:31:58
[SECURITY] [DLA 770-1] libphp-phpmailer security update
2016-12-31 14:24:48
[SECURITY] [DLA 770-2] libphp-phpmailer regression update
2017-01-03 16:00:13
veracode
veracode
Remote Code Execution (RCE)
2017-07-26 01:24:02
alpinelinux
alpinelinux
CVE-2016-10045
2016-12-30 19:59:00
prion
prion
Command injection
2016-12-30 19:59:00
debiancve
debiancve
CVE-2016-10045
2016-12-30 19:59:00
ubuntucve
ubuntucve
CVE-2016-10033
2016-12-30 00:00:00
CVE-2016-10045
2016-12-30 00:00:00
osv
osv
Remote code execution in PHPMailer
2020-03-05 22:09:17
Remote code execution in PHPMailer
2020-03-05 22:09:14
CVE-2016-10033
2016-12-30 19:59:00
cvelist
cvelist
CVE-2016-10045
2016-12-30 19:00:00
threatpost
threatpost
PHPMailer Bug Leaves Millions of Websites Open to Attack
2016-12-27 13:22:54
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities
2016-12-29 14:20:38
f5
f5
K73926196 : PHPMailer vulnerability CVE-2016-10045
2017-02-13 00:00:00
seebug
seebug
PHPMailer < 5.2.20 Remote Code Execution (0day Patch Bypass/exploit) (CVE-2016-10045)
2016-12-29 00:00:00
WordPress Core 4.6 - Unauthenticated Remote Code Execution
2017-05-04 00:00:00
exploitpack
exploitpack
PHPMailer 5.2.20 - Remote Code Execution
2016-12-27 00:00:00
PHPMailer 5.2.20 SwiftMailer 5.4.5-DEV Zend Framework zend-mail 2.4.11 - AIO PwnScriptum Remote Code Execution
2017-01-02 00:00:00
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution
2017-06-21 00:00:00
github
github
Remote code execution in PHPMailer
2020-03-05 22:09:17
Remote code execution in PHPMailer
2020-03-05 22:09:14
cve
cve
CVE-2016-10045
2016-12-30 19:59:00
freebsd
freebsd
phpmailer -- Remote Code Execution
2016-12-28 00:00:00
moodle -- multiple vulnerabilities
2017-01-17 00:00:00
metasploit
metasploit
PHPMailer Sendmail Argument Injection
2016-12-29 22:17:06
nvd
nvd
CVE-2016-10045
2016-12-30 19:59:00
myhack58
myhack58
WordPress 4.6 remote code execution vulnerability-vulnerability warning-the black bar safety net
2017-05-05 00:00:00
PhpMailer and SwiftMailer, the ZendMail successive exposure of the RCE high-risk vulnerabilities, affecting millions of Web servers-vulnerability warning-the black bar safety net
2017-01-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.26.050-alt1
2016-12-26 00:00:00
thn
thn
Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail
2017-01-02 23:45:00
ubuntu
ubuntu
PHPMailer vulnerability
2023-03-15 00:00:00
PHPMailer vulnerabilities
2023-03-15 00:00:00
archlinux
archlinux
[ASA-201701-22] wordpress: multiple issues
2017-01-15 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.967

Percentile

99.7%

JSON
Related for FRIENDSOFPHP:PHPMAILER:PHPMAILER:CVE-2016-10045
typo33joomla4exploitdb4packetstorm6openvas10fedora2checkpoint_advisories1rapid7blog1attackerkb1nessus20zdt3debian5veracode1alpinelinux1prion1debiancve1ubuntucve2osv6cvelist1threatpost2f51seebug2exploitpack3github2cve1freebsd2metasploit1nvd1myhack582altlinux1thn1ubuntu2archlinux1