CVE-2016-10045

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10045

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10045.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10045

Aliases

GHSA-4pc3-96mx-wwc8

Related

Published

2016-12-30T19:59:00Z

Modified

2024-09-03T01:07:17.664543Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

References

Affected packages

Alpine:v3.2 / php-phpmailer

Package

Name: php-phpmailer
Purl: pkg:apk/alpine/php-phpmailer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.4-r0

Affected versions

5.*

5.2.0-r0

Alpine:v3.3 / php-phpmailer

Package

Name: php-phpmailer
Purl: pkg:apk/alpine/php-phpmailer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.4-r0

Affected versions

5.*

5.2.0-r0

Alpine:v3.4 / php5-phpmailer

Package

Name: php5-phpmailer
Purl: pkg:apk/alpine/php5-phpmailer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.0-r1

Affected versions

5.*

5.2.0-r0

Alpine:v3.5 / php5-phpmailer

Package

Name: php5-phpmailer
Purl: pkg:apk/alpine/php5-phpmailer?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.4-r1

Affected versions

5.*

5.2.0-r0

5.2.4-r0

Git / github.com/wordpress/wordpress

Affected ranges

Type: GIT
Repo: https://github.com/wordpress/wordpress
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3506bfe7d5abbb8facd0b80f50fe2e90e22f192a

Type: GIT
Repo: https://github.com/wordpress/wordpress-develop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dad62d94743c6c245bed2e3852b32dc1f271a019