ALPINE-CVE-2016-10045

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2016-10045
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2016-10045.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2016-10045
Upstream
Published
2016-12-30T19:59:00Z
Modified
2025-09-25T23:50:33.202926Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

References

Affected packages

Alpine:v3.2 / php-phpmailer

Package

Name
php-phpmailer
Purl
pkg:apk/alpine/php-phpmailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.4-r0

Affected versions

5.*

5.2.0-r0

Alpine:v3.3 / php-phpmailer

Package

Name
php-phpmailer
Purl
pkg:apk/alpine/php-phpmailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.4-r0

Affected versions

5.*

5.2.0-r0

Alpine:v3.4 / php5-phpmailer

Package

Name
php5-phpmailer
Purl
pkg:apk/alpine/php5-phpmailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.0-r1

Affected versions

5.*

5.2.0-r0

Alpine:v3.5 / php5-phpmailer

Package

Name
php5-phpmailer
Purl
pkg:apk/alpine/php5-phpmailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.4-r1

Affected versions

5.*

5.2.0-r0
5.2.4-r0