CVE-2016-10033
Description
The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted From address. (CVE-2016-10033)
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
94.47
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability (CVE-2016-10033) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234