Added: 01/17/2017
BID: 95140
Swift Mailer is a component-based library used for sending email from PHP. It is used by many PHP programming frameworks, e.g., Yii2, Laraval, and Symfony.
Swift Mailer library mail transport (Swift_Transport_MailTransport) is vulnerable to command injection due to failure to properly sanitize the “From”, “ReturnPath” and “Sender” headers.
Upgrade to Swift Mailer 5.4.5 or higher.
<http://pwnscriptum.com/>
<https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html>
<https://www.exploit-db.com/exploits/40986/>
Exploit works on Swift Mailer before 5.4.5.
Exploit targets a common web application component: a contact form. The contact form action parameter value and field names must match the specified value/field names (e.g., send/name/email/msg).
There must be a web-user writable directory under the web application directory.