Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cq4m-3q7u-cbg3
Summary
Remote code execution in PHPMailer
### Impact
The `mailSend` function in the default `isMail` transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted `Sender` property.

### Patches
Fixed in 5.2.18

### Workarounds
Filter and validate user input before passing it to internal functions.

### References
https://nvd.nist.gov/vuln/detail/CVE-2016-10033
Related to a follow-on issue in https://nvd.nist.gov/vuln/detail/CVE-2016-10045

### For more information
If you have any questions or comments about this advisory:
* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
Aliases
0
alias CVE-2016-10033
1
alias GHSA-5f37-gxvh-23v6
Fixed_packages
0
url pkg:alpm/archlinux/wordpress@4.7.1-1
purl pkg:alpm/archlinux/wordpress@4.7.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/wordpress@4.7.1-1
1
url pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86_64&distroversion=v3.4&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86_64&distroversion=v3.4&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=x86_64&distroversion=v3.4&reponame=main
2
url pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86&distroversion=v3.4&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86&distroversion=v3.4&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=x86&distroversion=v3.4&reponame=main
3
url pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=armhf&distroversion=v3.4&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=armhf&distroversion=v3.4&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=armhf&distroversion=v3.4&reponame=main
4
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=aarch64&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=aarch64&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=aarch64&distroversion=v3.5&reponame=main
5
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=armhf&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=armhf&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=armhf&distroversion=v3.5&reponame=main
6
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=x86&distroversion=v3.5&reponame=main
7
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86_64&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86_64&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=x86_64&distroversion=v3.5&reponame=main
8
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.2&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.2&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=armhf&distroversion=v3.2&reponame=main
9
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.2&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.2&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86&distroversion=v3.2&reponame=main
10
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.2&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.2&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86_64&distroversion=v3.2&reponame=main
11
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.3&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.3&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=armhf&distroversion=v3.3&reponame=main
12
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.3&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.3&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86&distroversion=v3.3&reponame=main
13
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.3&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.3&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86_64&distroversion=v3.3&reponame=main
14
url pkg:composer/phpmailer/phpmailer@5.2.18
purl pkg:composer/phpmailer/phpmailer@5.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-f585-qf89-f7f3
3
vulnerability VCID-jca1-hyks-kud3
4
vulnerability VCID-xrtk-1rmg-7uca
5
vulnerability VCID-ywsv-ddhg-b7es
6
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.18
15
url pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
purl pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-ywsv-ddhg-b7es
6
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2%252Bdeb8u3
16
url pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.1?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.1%3Fdistro=trixie
17
url pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
purl pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-f585-qf89-f7f3
3
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.3%252Bdeb9u1
18
url pkg:deb/debian/libphp-phpmailer@6.2.0-2?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@6.2.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jca1-hyks-kud3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.2.0-2%3Fdistro=trixie
19
url pkg:deb/debian/libphp-phpmailer@6.6.3-1?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@6.6.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.6.3-1%3Fdistro=trixie
20
url pkg:deb/debian/libphp-phpmailer@6.9.3-1?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@6.9.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.9.3-1%3Fdistro=trixie
Affected_packages
0
url pkg:alpm/archlinux/wordpress@4.7-1
purl pkg:alpm/archlinux/wordpress@4.7-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-198e-9yps-nqfz
1
vulnerability VCID-1axp-38yu-wua1
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-cuw7-7fmc-xbc1
4
vulnerability VCID-kpem-j9we-vufs
5
vulnerability VCID-sany-su2d-73cn
6
vulnerability VCID-trn4-a55k-sqad
7
vulnerability VCID-vj6y-1qup-jubg
8
vulnerability VCID-xrtk-1rmg-7uca
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/wordpress@4.7-1
1
url pkg:composer/phpmailer/phpmailer@5.0.0
purl pkg:composer/phpmailer/phpmailer@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kvh-8w1t-2kej
1
vulnerability VCID-cq4m-3q7u-cbg3
2
vulnerability VCID-f585-qf89-f7f3
3
vulnerability VCID-xrtk-1rmg-7uca
4
vulnerability VCID-ywsv-ddhg-b7es
5
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.0.0
2
url pkg:composer/phpmailer/phpmailer@5.2.2
purl pkg:composer/phpmailer/phpmailer@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.2
3
url pkg:composer/phpmailer/phpmailer@5.2.4
purl pkg:composer/phpmailer/phpmailer@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.4
4
url pkg:composer/phpmailer/phpmailer@5.2.5
purl pkg:composer/phpmailer/phpmailer@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.5
5
url pkg:composer/phpmailer/phpmailer@5.2.6
purl pkg:composer/phpmailer/phpmailer@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.6
6
url pkg:composer/phpmailer/phpmailer@5.2.7
purl pkg:composer/phpmailer/phpmailer@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.7
7
url pkg:composer/phpmailer/phpmailer@5.2.8
purl pkg:composer/phpmailer/phpmailer@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.8
8
url pkg:composer/phpmailer/phpmailer@5.2.9
purl pkg:composer/phpmailer/phpmailer@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.9
9
url pkg:composer/phpmailer/phpmailer@5.2.10
purl pkg:composer/phpmailer/phpmailer@5.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.10
10
url pkg:composer/phpmailer/phpmailer@5.2.11
purl pkg:composer/phpmailer/phpmailer@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.11
11
url pkg:composer/phpmailer/phpmailer@5.2.12
purl pkg:composer/phpmailer/phpmailer@5.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.12
12
url pkg:composer/phpmailer/phpmailer@5.2.13
purl pkg:composer/phpmailer/phpmailer@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.13
13
url pkg:composer/phpmailer/phpmailer@5.2.14
purl pkg:composer/phpmailer/phpmailer@5.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.14
14
url pkg:composer/phpmailer/phpmailer@5.2.15
purl pkg:composer/phpmailer/phpmailer@5.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.15
15
url pkg:composer/phpmailer/phpmailer@5.2.16
purl pkg:composer/phpmailer/phpmailer@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.16
16
url pkg:composer/phpmailer/phpmailer@5.2.17
purl pkg:composer/phpmailer/phpmailer@5.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.17
17
url pkg:deb/debian/libphp-phpmailer@1.73-2
purl pkg:deb/debian/libphp-phpmailer@1.73-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-8msv-t7dq-qkd2
4
vulnerability VCID-cq4m-3q7u-cbg3
5
vulnerability VCID-f585-qf89-f7f3
6
vulnerability VCID-k96h-dr15-ufhv
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-2
18
url pkg:deb/debian/libphp-phpmailer@1.73-2etch1
purl pkg:deb/debian/libphp-phpmailer@1.73-2etch1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-8msv-t7dq-qkd2
4
vulnerability VCID-cq4m-3q7u-cbg3
5
vulnerability VCID-f585-qf89-f7f3
6
vulnerability VCID-k96h-dr15-ufhv
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-2etch1
19
url pkg:deb/debian/libphp-phpmailer@1.73-6
purl pkg:deb/debian/libphp-phpmailer@1.73-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-8msv-t7dq-qkd2
4
vulnerability VCID-cq4m-3q7u-cbg3
5
vulnerability VCID-f585-qf89-f7f3
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-6
20
url pkg:deb/debian/libphp-phpmailer@5.1-1
purl pkg:deb/debian/libphp-phpmailer@5.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-8msv-t7dq-qkd2
4
vulnerability VCID-cq4m-3q7u-cbg3
5
vulnerability VCID-f585-qf89-f7f3
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.1-1
21
url pkg:deb/debian/libphp-phpmailer@5.1-1%2Bdeb6u11
purl pkg:deb/debian/libphp-phpmailer@5.1-1%2Bdeb6u11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-8msv-t7dq-qkd2
4
vulnerability VCID-cq4m-3q7u-cbg3
5
vulnerability VCID-f585-qf89-f7f3
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.1-1%252Bdeb6u11
22
url pkg:deb/debian/libphp-phpmailer@5.1-1.1
purl pkg:deb/debian/libphp-phpmailer@5.1-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-8msv-t7dq-qkd2
4
vulnerability VCID-cq4m-3q7u-cbg3
5
vulnerability VCID-f585-qf89-f7f3
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.1-1.1
23
url pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2
purl pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-8msv-t7dq-qkd2
4
vulnerability VCID-cq4m-3q7u-cbg3
5
vulnerability VCID-f585-qf89-f7f3
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2
24
url pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
purl pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-4mjb-ur86-hkaz
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-ywsv-ddhg-b7es
6
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2%252Bdeb8u3
References
0
reference_url http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
1
reference_url http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10033
reference_id
reference_type
scores
0
value 0.94465
scoring_system epss
scoring_elements 0.99996
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10033
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
4
reference_url https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
5
reference_url http://seclists.org/fulldisclosure/2016/Dec/78
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://seclists.org/fulldisclosure/2016/Dec/78
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
7
reference_url https://github.com/PHPMailer/PHPMailer
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer
8
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
9
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
10
reference_url https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10033
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10033
12
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033
13
reference_url https://www.drupal.org/psa-2016-004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.drupal.org/psa-2016-004
14
reference_url https://www.exploit-db.com/exploits/40968
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40968
15
reference_url https://www.exploit-db.com/exploits/40969
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40969
16
reference_url https://www.exploit-db.com/exploits/40970
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40970
17
reference_url https://www.exploit-db.com/exploits/40974
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40974
18
reference_url https://www.exploit-db.com/exploits/40986
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40986
19
reference_url https://www.exploit-db.com/exploits/41962
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/41962
20
reference_url https://www.exploit-db.com/exploits/41996
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/41996
21
reference_url https://www.exploit-db.com/exploits/42024
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42024
22
reference_url https://www.exploit-db.com/exploits/42221
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42221
23
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
24
reference_url http://www.securitytracker.com/id/1037533
reference_id 1037533
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.securitytracker.com/id/1037533
25
reference_url https://www.exploit-db.com/exploits/40968/
reference_id 40968
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40968/
26
reference_url https://www.exploit-db.com/exploits/40969/
reference_id 40969
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40969/
27
reference_url https://www.exploit-db.com/exploits/40970/
reference_id 40970
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40970/
28
reference_url https://www.exploit-db.com/exploits/40974/
reference_id 40974
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40974/
29
reference_url https://www.exploit-db.com/exploits/40986/
reference_id 40986
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/40986/
30
reference_url https://www.exploit-db.com/exploits/41962/
reference_id 41962
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/41962/
31
reference_url https://www.exploit-db.com/exploits/41996/
reference_id 41996
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/41996/
32
reference_url https://www.exploit-db.com/exploits/42024/
reference_id 42024
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/42024/
33
reference_url https://www.exploit-db.com/exploits/42221/
reference_id 42221
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://www.exploit-db.com/exploits/42221/
34
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365
reference_id 849365
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365
35
reference_url http://www.securityfocus.com/bid/95108
reference_id 95108
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.securityfocus.com/bid/95108
36
reference_url https://security.archlinux.org/ASA-201701-22
reference_id ASA-201701-22
reference_type
scores
url https://security.archlinux.org/ASA-201701-22
37
reference_url https://security.archlinux.org/AVG-142
reference_id AVG-142
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-142
38
reference_url https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
reference_id CVE-2016-10033
reference_type exploit
scores
url https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
39
reference_url https://github.com/opsxcq/exploit-CVE-2016-10033/commit/1f6642cf116ecb6b6b96b5ec966915d5100adfe3
reference_id CVE-2016-10033
reference_type exploit
scores
url https://github.com/opsxcq/exploit-CVE-2016-10033/commit/1f6642cf116ecb6b6b96b5ec966915d5100adfe3
40
reference_url https://github.com/rapid7/metasploit-framework/blob/1f4ff30adb09c836dc9cb5f2c2024a244cebd08d/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
reference_id CVE-2016-10033
reference_type exploit
scores
url https://github.com/rapid7/metasploit-framework/blob/1f4ff30adb09c836dc9cb5f2c2024a244cebd08d/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
41
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41962.sh
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41962.sh
42
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/42024.rb
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/42024.rb
43
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40968.sh
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40968.sh
44
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40970.php
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40970.php
45
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40974.py
reference_id CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40974.py
46
reference_url https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
reference_id CVE-2016-10033
reference_type exploit
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
47
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40969.py
reference_id CVE-2016-10045;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40969.py
48
reference_url https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html
reference_id CVE-2016-10073;CVE-2016-10033
reference_type exploit
scores
url https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html
49
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/41996.sh
reference_id CVE-2016-10073;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/41996.sh
50
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40986.py
reference_id CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40986.py
51
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42221.py
reference_id CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42221.py
52
reference_url https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html
reference_id CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033
reference_type exploit
scores
url https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html
53
reference_url https://github.com/advisories/GHSA-5f37-gxvh-23v6
reference_id GHSA-5f37-gxvh-23v6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5f37-gxvh-23v6
54
reference_url http://www.securityfocus.com/archive/1/539963/100/0/threaded
reference_id threaded
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/
url http://www.securityfocus.com/archive/1/539963/100/0/threaded
55
reference_url https://usn.ubuntu.com/5956-1/
reference_id USN-5956-1
reference_type
scores
url https://usn.ubuntu.com/5956-1/
Weaknesses
0
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
1
cwe_id 88
name Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
description The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
0
date_added 2017-06-21
description PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2017-06-21
exploit_type webapps
platform php
source_date_updated 2017-08-03
data_source Exploit-DB
source_url
1
date_added null
description 
This module exploits a command injection vulnerability in WordPress
          version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer,
          a mail-sending library that is bundled with WordPress.

          A valid WordPress username is required to exploit the vulnerability.
          Additionally, due to the altered Host header, exploitation is limited to
          the default virtual host, assuming the header isn't mangled in transit.

          If the target is running Apache 2.2.32 or 2.4.24 and later, the server
          may have HttpProtocolOptions set to Strict, preventing a Host header
          containing parens from passing through, making exploitation unlikely.
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2017-05-03
exploit_type null
platform Linux
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
2
date_added 2025-07-07
description PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
required_action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
due_date 2025-07-28
notes This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 ; https://github.com/advisories/GHSA-5f37-gxvh-23v6 ; https://nvd.nist.gov/vuln/detail/CVE-2016-10033
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
Severity_range_score7.0 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cq4m-3q7u-cbg3