CVE-2016-10033: CVE-2016-10033

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-10033

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHPMailer 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PHPMailer是一个用于发送电子邮件的PHP类库。 PHPMailer 5.2.18之前的版本中的isMail transport的‘mailSend’函数存在安全漏洞，该漏洞源于程序没有设置Sender属性。远程攻击者可利用该漏洞向邮件命令中传递额外的参数，并执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2016-10033

#	POC Description	Source Link	Shenlong Link
1	PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container	https://github.com/opsxcq/exploit-CVE-2016-10033	POC Details
2	Prevent PHP vulnerabilities similar to CVE-2016-10033 and CVE-2016-10045.	https://github.com/Zenexer/safeshell	POC Details
3	RCE against WordPress 4.6; Python port of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html	https://github.com/GeneralTesler/CVE-2016-10033	POC Details
4	Code and vulnerable WordPress container for exploiting CVE-2016-10033	https://github.com/chipironcin/CVE-2016-10033	POC Details
5	WordPress 4.6 - Remote Code Execution (RCE) PoC Exploit	https://github.com/Bajunan/CVE-2016-10033	POC Details
6	None	https://github.com/qwertyuiop12138/CVE-2016-10033	POC Details
7	None	https://github.com/liusec/WP-CVE-2016-10033	POC Details
8	Exploits CVE-2016-10033 and CVE-2016-10045	https://github.com/pedro823/cve-2016-10033-45	POC Details
9	To solve CTFS.me problem	https://github.com/awidardi/opsxcq-cve-2016-10033	POC Details
10	PHPMailer < 5.2.18 Remote Code Execution Exploit	https://github.com/0x00-0x00/CVE-2016-10033	POC Details
11	cve-2016-10033	https://github.com/cved-sources/cve-2016-10033	POC Details
12	Remote Code Execution vulnerability in PHPMailer.	https://github.com/j4k0m/CVE-2016-10033	POC Details
13	PHPMailer < 5.2.18 Remote Code Execution	https://github.com/zeeshanbhattined/exploit-CVE-2016-10033	POC Details
14	wordpress docker	https://github.com/CAOlvchonger/CVE-2016-10033	POC Details
15	CTF based around CVE-2016-10033	https://github.com/eb613819/CTF_CVE-2016-10033	POC Details
16	CVE-2016-10033 Wordpress 4.6 Exploit	https://github.com/ElnurBDa/CVE-2016-10033	POC Details
17	Proof Of Concept for the CVE-2016-10033 (PHPMailer)	https://github.com/Astrowmist/POC-CVE-2016-10033	POC Details
18	WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-10033.yaml	POC Details
19	None	https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/Wordpress%204.6%20%E4%BB%BB%E6%84%8F%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20PwnScriptum.md	POC Details
20	A PoC of CVE-2016-10033 I made for PentesterLab	https://github.com/sealldeveloper/CVE-2016-10033-PoC	POC Details
21	None	https://github.com/alexander47777/CVE-2016-10033	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-10033

Please Login to view more intelligence information

https://www.drupal.org/psa-2016-004x_refsource_CONFIRM
http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.htmlx_refsource_MISC
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18x_refsource_CONFIRM
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilitiesx_refsource_CONFIRM
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.htmlx_refsource_MISC
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injectionx_refsource_MISC
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.htmlx_refsource_MISC
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.htmlx_refsource_CONFIRM
https://www.exploit-db.com/exploits/40986/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/40969/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/40970/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/42024/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/95108vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/40974/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/41962/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/40968/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/41996/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/42221/exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1037533vdb-entryx_refsource_SECTRACK
http://seclists.org/fulldisclosure/2016/Dec/78mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/archive/1/539963/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2016-10033

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2016-10033

Anonymous User

2025-10-08 03:36:59

Vovan Casino — портал в мир азартных приключений. Здесь каждый спин — шаг в неизведанное. Готовы к приключению? Vovan вход — и вперед к победам! Слоты, рулетка и покер ждут своего героя. Каждая награда — шаг вперёд в вашем путешествии к успеху. Состязания с крупными призами Мгновенные выплаты — заслуженные награды Мобильная версия для игры в пути Vovan Casino — казино для настоящих искателей приключений.

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2016-10033

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-10033

III. Intelligence Information for CVE-2016-10033

IV. Related Vulnerabilities

V. Comments for CVE-2016-10033

Anonymous User

Leave a comment