Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-xrtk-1rmg-7uca
Summary
Remote code execution in PHPMailer
### Impact
The `isMail` transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the `mail` command and consequently execute arbitrary code by leveraging improper interaction between the `escapeshellarg` function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

This issue really emphasises that it's worth avoiding the built-in PHP `mail()` function entirely.

### Patches
Fixed in 5.2.20

### Workarounds
Send via SMTP to localhost instead of calling the `mail()` function.

### References
https://nvd.nist.gov/vuln/detail/CVE-2016-10045
See also https://nvd.nist.gov/vuln/detail/CVE-2016-10033

### For more information
If you have any questions or comments about this advisory:
* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)
Aliases
0
alias CVE-2016-10045
1
alias GHSA-4pc3-96mx-wwc8
Fixed_packages
0
url pkg:alpm/archlinux/wordpress@4.7.1-1
purl pkg:alpm/archlinux/wordpress@4.7.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/wordpress@4.7.1-1
1
url pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86_64&distroversion=v3.4&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86_64&distroversion=v3.4&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=x86_64&distroversion=v3.4&reponame=main
2
url pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86&distroversion=v3.4&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86&distroversion=v3.4&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=x86&distroversion=v3.4&reponame=main
3
url pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=armhf&distroversion=v3.4&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=armhf&distroversion=v3.4&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=armhf&distroversion=v3.4&reponame=main
4
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=aarch64&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=aarch64&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=aarch64&distroversion=v3.5&reponame=main
5
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=armhf&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=armhf&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=armhf&distroversion=v3.5&reponame=main
6
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=x86&distroversion=v3.5&reponame=main
7
url pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86_64&distroversion=v3.5&reponame=main
purl pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86_64&distroversion=v3.5&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=x86_64&distroversion=v3.5&reponame=main
8
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.2&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.2&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=armhf&distroversion=v3.2&reponame=main
9
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.2&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.2&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86&distroversion=v3.2&reponame=main
10
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.2&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.2&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86_64&distroversion=v3.2&reponame=main
11
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.3&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.3&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=armhf&distroversion=v3.3&reponame=main
12
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.3&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.3&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86&distroversion=v3.3&reponame=main
13
url pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.3&reponame=main
purl pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.3&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86_64&distroversion=v3.3&reponame=main
14
url pkg:composer/phpmailer/phpmailer@5.2.20
purl pkg:composer/phpmailer/phpmailer@5.2.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-f585-qf89-f7f3
3
vulnerability VCID-jca1-hyks-kud3
4
vulnerability VCID-ywsv-ddhg-b7es
5
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.20
15
url pkg:deb/debian/libphp-phpmailer@0?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@0%3Fdistro=trixie
16
url pkg:deb/debian/libphp-phpmailer@6.2.0-2?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@6.2.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jca1-hyks-kud3
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.2.0-2%3Fdistro=trixie
17
url pkg:deb/debian/libphp-phpmailer@6.6.3-1?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@6.6.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.6.3-1%3Fdistro=trixie
18
url pkg:deb/debian/libphp-phpmailer@6.9.3-1?distro=trixie
purl pkg:deb/debian/libphp-phpmailer@6.9.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.9.3-1%3Fdistro=trixie
Affected_packages
0
url pkg:alpm/archlinux/wordpress@4.7-1
purl pkg:alpm/archlinux/wordpress@4.7-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-198e-9yps-nqfz
1
vulnerability VCID-1axp-38yu-wua1
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-cuw7-7fmc-xbc1
4
vulnerability VCID-kpem-j9we-vufs
5
vulnerability VCID-sany-su2d-73cn
6
vulnerability VCID-trn4-a55k-sqad
7
vulnerability VCID-vj6y-1qup-jubg
8
vulnerability VCID-xrtk-1rmg-7uca
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/wordpress@4.7-1
1
url pkg:composer/phpmailer/phpmailer@5.0.0
purl pkg:composer/phpmailer/phpmailer@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kvh-8w1t-2kej
1
vulnerability VCID-cq4m-3q7u-cbg3
2
vulnerability VCID-f585-qf89-f7f3
3
vulnerability VCID-xrtk-1rmg-7uca
4
vulnerability VCID-ywsv-ddhg-b7es
5
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.0.0
2
url pkg:composer/phpmailer/phpmailer@5.2.2
purl pkg:composer/phpmailer/phpmailer@5.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.2
3
url pkg:composer/phpmailer/phpmailer@5.2.4
purl pkg:composer/phpmailer/phpmailer@5.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.4
4
url pkg:composer/phpmailer/phpmailer@5.2.5
purl pkg:composer/phpmailer/phpmailer@5.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.5
5
url pkg:composer/phpmailer/phpmailer@5.2.6
purl pkg:composer/phpmailer/phpmailer@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.6
6
url pkg:composer/phpmailer/phpmailer@5.2.7
purl pkg:composer/phpmailer/phpmailer@5.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.7
7
url pkg:composer/phpmailer/phpmailer@5.2.8
purl pkg:composer/phpmailer/phpmailer@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.8
8
url pkg:composer/phpmailer/phpmailer@5.2.9
purl pkg:composer/phpmailer/phpmailer@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-n13m-y4ks-euep
7
vulnerability VCID-xrtk-1rmg-7uca
8
vulnerability VCID-ywsv-ddhg-b7es
9
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.9
9
url pkg:composer/phpmailer/phpmailer@5.2.10
purl pkg:composer/phpmailer/phpmailer@5.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.10
10
url pkg:composer/phpmailer/phpmailer@5.2.11
purl pkg:composer/phpmailer/phpmailer@5.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.11
11
url pkg:composer/phpmailer/phpmailer@5.2.12
purl pkg:composer/phpmailer/phpmailer@5.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.12
12
url pkg:composer/phpmailer/phpmailer@5.2.13
purl pkg:composer/phpmailer/phpmailer@5.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-7kvh-8w1t-2kej
3
vulnerability VCID-cq4m-3q7u-cbg3
4
vulnerability VCID-f585-qf89-f7f3
5
vulnerability VCID-jca1-hyks-kud3
6
vulnerability VCID-xrtk-1rmg-7uca
7
vulnerability VCID-ywsv-ddhg-b7es
8
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.13
13
url pkg:composer/phpmailer/phpmailer@5.2.14
purl pkg:composer/phpmailer/phpmailer@5.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.14
14
url pkg:composer/phpmailer/phpmailer@5.2.15
purl pkg:composer/phpmailer/phpmailer@5.2.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.15
15
url pkg:composer/phpmailer/phpmailer@5.2.16
purl pkg:composer/phpmailer/phpmailer@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.16
16
url pkg:composer/phpmailer/phpmailer@5.2.17
purl pkg:composer/phpmailer/phpmailer@5.2.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-cq4m-3q7u-cbg3
3
vulnerability VCID-f585-qf89-f7f3
4
vulnerability VCID-jca1-hyks-kud3
5
vulnerability VCID-xrtk-1rmg-7uca
6
vulnerability VCID-ywsv-ddhg-b7es
7
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.17
17
url pkg:composer/phpmailer/phpmailer@5.2.18
purl pkg:composer/phpmailer/phpmailer@5.2.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-f585-qf89-f7f3
3
vulnerability VCID-jca1-hyks-kud3
4
vulnerability VCID-xrtk-1rmg-7uca
5
vulnerability VCID-ywsv-ddhg-b7es
6
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.18
18
url pkg:composer/phpmailer/phpmailer@5.2.19
purl pkg:composer/phpmailer/phpmailer@5.2.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16kp-5zpw-fbha
1
vulnerability VCID-44d3-4txm-cyc3
2
vulnerability VCID-f585-qf89-f7f3
3
vulnerability VCID-jca1-hyks-kud3
4
vulnerability VCID-xrtk-1rmg-7uca
5
vulnerability VCID-ywsv-ddhg-b7es
6
vulnerability VCID-zju7-7wax-zfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.19
References
0
reference_url http://openwall.com/lists/oss-security/2016/12/28/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2016/12/28/1
1
reference_url http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
2
reference_url http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10045
reference_id
reference_type
scores
0
value 0.93368
scoring_system epss
scoring_elements 0.99811
published_at 2026-04-04T12:55:00Z
1
value 0.93368
scoring_system epss
scoring_elements 0.99814
published_at 2026-04-13T12:55:00Z
2
value 0.93368
scoring_system epss
scoring_elements 0.99813
published_at 2026-04-11T12:55:00Z
3
value 0.93368
scoring_system epss
scoring_elements 0.99812
published_at 2026-04-09T12:55:00Z
4
value 0.93368
scoring_system epss
scoring_elements 0.9981
published_at 2026-04-02T12:55:00Z
5
value 0.93368
scoring_system epss
scoring_elements 0.99815
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10045
4
reference_url https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
5
reference_url http://seclists.org/fulldisclosure/2016/Dec/81
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2016/Dec/81
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10045.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10045.yaml
7
reference_url https://github.com/PHPMailer/PHPMailer
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer
8
reference_url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
9
reference_url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
10
reference_url https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10045
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10045
12
reference_url https://www.exploit-db.com/exploits/40969
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40969
13
reference_url https://www.exploit-db.com/exploits/40986
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/40986
14
reference_url https://www.exploit-db.com/exploits/42221
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42221
15
reference_url http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
16
reference_url https://security.archlinux.org/ASA-201701-22
reference_id ASA-201701-22
reference_type
scores
url https://security.archlinux.org/ASA-201701-22
17
reference_url https://security.archlinux.org/AVG-142
reference_id AVG-142
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-142
18
reference_url https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
reference_id CVE-2016-10045;CVE-2016-10033
reference_type exploit
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
19
reference_url https://github.com/advisories/GHSA-4pc3-96mx-wwc8
reference_id GHSA-4pc3-96mx-wwc8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pc3-96mx-wwc8
20
reference_url https://usn.ubuntu.com/5956-1/
reference_id USN-5956-1
reference_type
scores
url https://usn.ubuntu.com/5956-1/
Weaknesses
0
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
0
date_added 2017-06-21
description PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2017-06-21
exploit_type webapps
platform php
source_date_updated 2017-08-03
data_source Exploit-DB
source_url
1
date_added null
description 
PHPMailer versions up to and including 5.2.19 are affected by a
          vulnerability which can be leveraged by an attacker to write a file with
          partially controlled contents to an arbitrary location through injection
          of arguments that are passed to the sendmail binary. This module
          writes a payload to the web root of the webserver before then executing
          it with an HTTP request. The user running PHPMailer must have write
          access to the specified WEB_ROOT directory and successful exploitation
          can take a few minutes.
required_action null
due_date null
notes 
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
known_ransomware_campaign_use false
source_date_published 2016-12-26
exploit_type null
platform PHP
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/phpmailer_arg_injection.rb
Severity_range_score7.0 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-xrtk-1rmg-7uca