漏洞信息(CVE-2016-10033) - by 漏洞平台

漏洞详情： CVE-2016-10033

漏洞标题

NVD 暂无描述信息

来源：NVD

PHPMailer 安全漏洞

来源：CNNVD

漏洞描述

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

来源：NVD

PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer 5.2.18之前的版本中的isMail transport的‘mailSend’函数存在安全漏洞，该漏洞源于程序没有设置Sender属性。远程攻击者可利用该漏洞向邮件命令中传递额外的参数，并执行任意代码。

来源：CNNVD

在 PHPMailer 5.2.18 之前，isMail transport 中的 mailSend 函数可能会允许远程攻击者向 mail 命令传递额外的参数，从而导致攻击者通过在创建的 Sender 属性中使用“(backslash double quote)执行任意代码。

来源：神龙机器人

漏洞评分(CVSS)

NVD 暂无评分

来源：NVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：神龙机器人, 准确率：N/A

漏洞类别

NVD 暂无漏洞类别信息

来源：NVD

命令注入

来源：CNNVD

情报信息

0x1 POC 情报

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container

详情: https://github.com/opsxcq/exploit-CVE-2016-10033

None

来源：POC-IN-GITHUB

0x2 POC 情报

Prevent PHP vulnerabilities similar to CVE-2016-10033 and CVE-2016-10045.

详情: https://github.com/Zenexer/safeshell

None

来源：POC-IN-GITHUB

0x3 POC 情报

RCE against WordPress 4.6; Python port of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html

详情: https://github.com/GeneralTesler/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x4 POC 情报

Code and vulnerable WordPress container for exploiting CVE-2016-10033

详情: https://github.com/chipironcin/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x5 POC 情报

WordPress 4.6 - Remote Code Execution (RCE) PoC Exploit

详情: https://github.com/Bajunan/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x6 POC 情报

None

详情: https://github.com/qwertyuiop12138/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x7 POC 情报

None

详情: https://github.com/liusec/WP-CVE-2016-10033

None

来源：POC-IN-GITHUB

0x8 POC 情报

Exploits CVE-2016-10033 and CVE-2016-10045

详情: https://github.com/pedro823/cve-2016-10033-45

None

来源：POC-IN-GITHUB

0x9 POC 情报

To solve CTFS.me problem

详情: https://github.com/awidardi/opsxcq-cve-2016-10033

None

来源：POC-IN-GITHUB

0x10 POC 情报

PHPMailer < 5.2.18 Remote Code Execution Exploit

详情: https://github.com/0x00-0x00/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x11 POC 情报

cve-2016-10033

详情: https://github.com/cved-sources/cve-2016-10033

None

来源：POC-IN-GITHUB

0x12 POC 情报

Remote Code Execution vulnerability in PHPMailer.

详情: https://github.com/j4k0m/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x13 POC 情报

PHPMailer < 5.2.18 Remote Code Execution

详情: https://github.com/zeeshanbhattined/exploit-CVE-2016-10033

None

来源：POC-IN-GITHUB

0x14 POC 情报

wordpress docker

详情: https://github.com/CAOlvchonger/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x15 POC 情报

CTF based around CVE-2016-10033

详情: https://github.com/eb613819/CTF_CVE-2016-10033

None

来源：POC-IN-GITHUB

0x16 POC 情报

CVE-2016-10033 Wordpress 4.6 Exploit

详情: https://github.com/ElnurBDa/CVE-2016-10033

None

来源：POC-IN-GITHUB

0x17 POC 情报

Proof Of Concept for the CVE-2016-10033 (PHPMailer)

详情: https://github.com/Astrowmist/POC-CVE-2016-10033

None

来源：POC-IN-GITHUB

相关链接

https://www.drupal.org/psa-2016-004 x_refsource_CONFIRM
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html x_refsource_CONFIRM
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection x_refsource_MISC
http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html x_refsource_MISC
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities x_refsource_CONFIRM
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 x_refsource_CONFIRM
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html x_refsource_MISC
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html x_refsource_MISC
40968 exploit x_refsource_EXPLOIT-DB
41962 exploit x_refsource_EXPLOIT-DB
40969 exploit x_refsource_EXPLOIT-DB
40974 exploit x_refsource_EXPLOIT-DB
40986 exploit x_refsource_EXPLOIT-DB
40970 exploit x_refsource_EXPLOIT-DB
42221 exploit x_refsource_EXPLOIT-DB
41996 exploit x_refsource_EXPLOIT-DB
95108 vdb-entry x_refsource_BID
42024 exploit x_refsource_EXPLOIT-DB
1037533 vdb-entry x_refsource_SECTRACK
20161227 PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] mailing-list x_refsource_FULLDISC
20161227 PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] mailing-list x_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2016-10033