CVE-2016-10074

Published: 30/12/2016 Updated: 04/11/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer prior to 5.4.5 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

Vulnerable Product

swiftmailer swiftmailer

Vendor Advisories

Debian Bug report logs - #849626 libphp-swiftmailer: CVE-2016-10074; Package: src:libphp-swiftmailer; Maintainer for src:libphp-swiftmailer is Nicolas Roudaire <nikrou77@gmailcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg>; Date: Thu, 29 Dec 2016 10:00:05 UTC; Severity: grave; Tags: security, upstream; Found ...
Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers. For the stable distribution (jessie), this problem has been fixed in version 522-1+ ...

Exploits

<?php /* SwiftMailer <= 545-DEV Remote Code Execution (CVE-2016-10074) Discovered/Coded by: Dawid Golunski legalhackerscom Full Advisory URL: legalhackerscom/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vulnhtml Exploit code URL: legalhackerscom/exploits/CVE-2016-10074/SwiftMailer_PoC ...
#!/usr/bin/python # # Exploit Title: [RCE for PHPMailer < 5220 with Exim MTA] # Date: [16/06/2017] # Exploit Author: [@phackt_ul] # Software Link: [githubcom/PHPMailer/PHPMailer] # Version: [< 5220] # Tested on: [Debian x86/x64] # CVE : [CVE-2016-10033,CVE-2016-10074,CVE-2016-10034,CVE-2016-10045] # # @phackt_ul - phackt ...
SwiftMailer versions prior to 5.4.5-DEV suffer from a remote code execution vulnerability ...
SquirrelMail versions 1422 and below suffer from a remote code execution vulnerability ...
WordPress (core) 46 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built-in to WordPress code. Exploitation details provided ...
This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library ...

Github Repositories

PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit aka "PwnScriptum": CVE-2016-10033 + CVE-2016-10045 + CVE-2016-10034 + CVE-2016-10074. This PoC exploit aims to execute a reverse shell on the target in the context of the web-server user via vulnerable PHP email library. Discovered and Coded by: Dawid Golunski legalhackerscom t: @d

Recent Articles

Hate 'contact us' forms? This PHPmailer zero day will drop shell in sender
The Register • Darren Pauli • 03 Jan 2017

Borked patch opens remote code execution on web servers

Websites using PHPMailer for forms are at risk from a critical-rated remote code execution zero day bug. Legal Hackers researcher Dawid Golunski found the vulnerability (CVE-2016-10074) in the much-used library, found in the world's most popular content management systems and addons. The bug also affects the Zend Mailer and SwiftMailer. A patch was issued for the vulnerability but it can be bypassed, Golunski says, reopening the avenue for attack. Golunski created a limited proof-of-concept exp...