Added: 01/05/2017
BID: 95108
PHPMailer is a PHP class used for sending email from PHP. It is used by many open-source projects, e.g., WordPress, Drupal, and Joomla.
PHPMailer class mailSend() function is vulnerable to command injection due to failure to properly sanitize the destination email address.
Upgrade to PHPMailer 5.2.20 or higher.
<http://pwnscriptum.com/>
<https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html>
<https://www.exploit-db.com/exploits/40986/>
Exploit works on PHPMailer before 5.2.18.
Exploit targets a common web application component: a contact form. The contact form action parameter value and field names must match the specified value/field names (e.g., send/name/email/msg).
There must be a web-user writable directory under the web application directory.