
CVE-2016-10034

Published: 30/12/2016 Updated: 21/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The setFrom function in the Sendmail adapter in the zend-mail component prior to 2.4.11, 2.5.x, 2.6.x, and 2.7.x prior to 2.7.2, and Zend Framework prior to 2.4.11 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.

Vulnerable Product

zend zend framework

zend zend-mail 2.6.2

zend zend-mail 2.7.0

zend zend-mail 2.7.1

zend zend-mail 2.5.0

zend zend-mail

zend zend-mail 2.6.0

zend zend-mail 2.6.1

zend zend-mail 2.5.1

zend zend-mail 2.5.2

Exploits

This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library ...
<?php /* Zend Framework < 2.4.11 Remote Code Execution (CVE-2016-10034) zend-mail < 2.4.11 zend-mail < 2.7.2 Discovered/Coded by: Dawid Golunski legalhackers.com Full Advisory URL: legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034.html Video PoC legalhacker ...
#!/usr/bin/python # # Exploit Title: [RCE for PHPMailer < 5.2.20 with Exim MTA] # Date: [16/06/2017] # Exploit Author: [@phackt_ul] # Software Link: [github.com/PHPMailer/PHPMailer] # Version: [< 5.2.20] # Tested on: [Debian x86/x64] # CVE : [CVE-2016-10033,CVE-2016-10074,CVE-2016-10034,CVE-2016-10045] # # @phackt_ul - phackt ...

Github Repositories

PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit aka "PwnScriptum". CVE-2016-10033 + CVE-2016-10045 + CVE-2016-10034 + CVE-2016-10074. This PoC exploit aims to execute a reverse shell on the target in the context of the web-server user via vulnerable PHP email library. Discovered and Coded by: Dawid Golunski legalhackers.com t: @d