Vulnerability Instance

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33422?format=api",
    "vulnerability_id": "VCID-cq4m-3q7u-cbg3",
    "summary": "Remote code execution in PHPMailer\n### Impact\nThe `mailSend` function in the default `isMail` transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\" (backslash double quote) in a crafted `Sender` property.\n\n### Patches\nFixed in 5.2.18\n\n### Workarounds\nFilter and validate user input before passing it to internal functions.\n\n### References\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10033\nRelated to a follow-on issue in https://nvd.nist.gov/vuln/detail/CVE-2016-10045\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)",
    "aliases": [
        {
            "alias": "CVE-2016-10033"
        },
        {
            "alias": "GHSA-5f37-gxvh-23v6"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/373083?format=api",
            "purl": "pkg:alpm/archlinux/wordpress@4.7.1-1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/wordpress@4.7.1-1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/522831?format=api",
            "purl": "pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=armhf&distroversion=v3.4&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=armhf&distroversion=v3.4&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/522832?format=api",
            "purl": "pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86&distroversion=v3.4&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=x86&distroversion=v3.4&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/522833?format=api",
            "purl": "pkg:apk/alpine/php5-phpmailer@5.2.0-r1?arch=x86_64&distroversion=v3.4&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.0-r1%3Farch=x86_64&distroversion=v3.4&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/498943?format=api",
            "purl": "pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=armhf&distroversion=v3.5&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=armhf&distroversion=v3.5&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/498944?format=api",
            "purl": "pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86&distroversion=v3.5&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=x86&distroversion=v3.5&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/498942?format=api",
            "purl": "pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=aarch64&distroversion=v3.5&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=aarch64&distroversion=v3.5&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/498945?format=api",
            "purl": "pkg:apk/alpine/php5-phpmailer@5.2.4-r1?arch=x86_64&distroversion=v3.5&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php5-phpmailer@5.2.4-r1%3Farch=x86_64&distroversion=v3.5&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/463065?format=api",
            "purl": "pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.2&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=armhf&distroversion=v3.2&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/463066?format=api",
            "purl": "pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.2&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86&distroversion=v3.2&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/463067?format=api",
            "purl": "pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.2&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86_64&distroversion=v3.2&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/532180?format=api",
            "purl": "pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=armhf&distroversion=v3.3&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=armhf&distroversion=v3.3&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/532181?format=api",
            "purl": "pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86&distroversion=v3.3&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86&distroversion=v3.3&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/532182?format=api",
            "purl": "pkg:apk/alpine/php-phpmailer@5.2.4-r0?arch=x86_64&distroversion=v3.3&reponame=main",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php-phpmailer@5.2.4-r0%3Farch=x86_64&distroversion=v3.3&reponame=main"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/73211?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.18",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.18"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1036565?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2%252Bdeb8u3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928213?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1037012?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.2.14%2Bdfsg-2.3%2Bdeb9u1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.14%252Bdfsg-2.3%252Bdeb9u1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928209?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@6.2.0-2?distro=trixie",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.2.0-2%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928207?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@6.6.3-1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.6.3-1%3Fdistro=trixie"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/928210?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@6.9.3-1?distro=trixie",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@6.9.3-1%3Fdistro=trixie"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/373082?format=api",
            "purl": "pkg:alpm/archlinux/wordpress@4.7-1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-198e-9yps-nqfz"
                },
                {
                    "vulnerability": "VCID-1axp-38yu-wua1"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-cuw7-7fmc-xbc1"
                },
                {
                    "vulnerability": "VCID-kpem-j9we-vufs"
                },
                {
                    "vulnerability": "VCID-sany-su2d-73cn"
                },
                {
                    "vulnerability": "VCID-trn4-a55k-sqad"
                },
                {
                    "vulnerability": "VCID-vj6y-1qup-jubg"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/wordpress@4.7-1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/24425?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.0.0",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153733?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-n13m-y4ks-euep"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153734?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.4",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-n13m-y4ks-euep"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153735?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.5",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-n13m-y4ks-euep"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153736?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.6",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-n13m-y4ks-euep"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153737?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.7",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-n13m-y4ks-euep"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153738?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.8",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-n13m-y4ks-euep"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153739?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.9",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-n13m-y4ks-euep"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.10",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.10"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153740?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.11",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.11"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153741?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.12",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.12"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/153742?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.13",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.13"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/21470?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.14",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.14"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/159797?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.15",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.15"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/159798?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.16",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.16"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/159799?format=api",
            "purl": "pkg:composer/phpmailer/phpmailer@5.2.17",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-44d3-4txm-cyc3"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-jca1-hyks-kud3"
                },
                {
                    "vulnerability": "VCID-xrtk-1rmg-7uca"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmailer/phpmailer@5.2.17"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/571138?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@1.73-2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-8msv-t7dq-qkd2"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-k96h-dr15-ufhv"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/571139?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@1.73-2etch1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-8msv-t7dq-qkd2"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-k96h-dr15-ufhv"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-2etch1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/571140?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@1.73-6",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-8msv-t7dq-qkd2"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@1.73-6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/571141?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.1-1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-8msv-t7dq-qkd2"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.1-1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/571142?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.1-1%2Bdeb6u11",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-8msv-t7dq-qkd2"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.1-1%252Bdeb6u11"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/571143?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.1-1.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-8msv-t7dq-qkd2"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.1-1.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1036564?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-8msv-t7dq-qkd2"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1036565?format=api",
            "purl": "pkg:deb/debian/libphp-phpmailer@5.2.9%2Bdfsg-2%2Bdeb8u3",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-16kp-5zpw-fbha"
                },
                {
                    "vulnerability": "VCID-4mjb-ur86-hkaz"
                },
                {
                    "vulnerability": "VCID-7kvh-8w1t-2kej"
                },
                {
                    "vulnerability": "VCID-cq4m-3q7u-cbg3"
                },
                {
                    "vulnerability": "VCID-f585-qf89-f7f3"
                },
                {
                    "vulnerability": "VCID-ywsv-ddhg-b7es"
                },
                {
                    "vulnerability": "VCID-zju7-7wax-zfhz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libphp-phpmailer@5.2.9%252Bdfsg-2%252Bdeb8u3"
        }
    ],
    "references": [
        {
            "reference_url": "http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html"
        },
        {
            "reference_url": "http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html"
        },
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10033",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.94443",
                    "scoring_system": "epss",
                    "scoring_elements": "0.99991",
                    "published_at": "2026-05-07T12:55:00Z"
                },
                {
                    "value": "0.94465",
                    "scoring_system": "epss",
                    "scoring_elements": "0.99996",
                    "published_at": "2026-05-14T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10033"
        },
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033",
            "reference_id": "",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033"
        },
        {
            "reference_url": "https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html"
        },
        {
            "reference_url": "http://seclists.org/fulldisclosure/2016/Dec/78",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Dec/78"
        },
        {
            "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml"
        },
        {
            "reference_url": "https://github.com/PHPMailer/PHPMailer",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/PHPMailer/PHPMailer"
        },
        {
            "reference_url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18"
        },
        {
            "reference_url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "cvssv3.1_qr",
                    "scoring_elements": ""
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6"
        },
        {
            "reference_url": "https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10033",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10033"
        },
        {
            "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10033"
        },
        {
            "reference_url": "https://www.drupal.org/psa-2016-004",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.drupal.org/psa-2016-004"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40968",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40968"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40969",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40969"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40970",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40970"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40974",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40974"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40986",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40986"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/41962",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/41962"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/41996",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/41996"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/42024",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/42024"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/42221",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.exploit-db.com/exploits/42221"
        },
        {
            "reference_url": "http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection"
        },
        {
            "reference_url": "http://www.securitytracker.com/id/1037533",
            "reference_id": "1037533",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "http://www.securitytracker.com/id/1037533"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40968/",
            "reference_id": "40968",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40968/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40969/",
            "reference_id": "40969",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40969/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40970/",
            "reference_id": "40970",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40970/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40974/",
            "reference_id": "40974",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40974/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/40986/",
            "reference_id": "40986",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/40986/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/41962/",
            "reference_id": "41962",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/41962/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/41996/",
            "reference_id": "41996",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/41996/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/42024/",
            "reference_id": "42024",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/42024/"
        },
        {
            "reference_url": "https://www.exploit-db.com/exploits/42221/",
            "reference_id": "42221",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://www.exploit-db.com/exploits/42221/"
        },
        {
            "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365",
            "reference_id": "849365",
            "reference_type": "",
            "scores": [],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365"
        },
        {
            "reference_url": "http://www.securityfocus.com/bid/95108",
            "reference_id": "95108",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "http://www.securityfocus.com/bid/95108"
        },
        {
            "reference_url": "https://security.archlinux.org/ASA-201701-22",
            "reference_id": "ASA-201701-22",
            "reference_type": "",
            "scores": [],
            "url": "https://security.archlinux.org/ASA-201701-22"
        },
        {
            "reference_url": "https://security.archlinux.org/AVG-142",
            "reference_id": "AVG-142",
            "reference_type": "",
            "scores": [
                {
                    "value": "High",
                    "scoring_system": "archlinux",
                    "scoring_elements": ""
                }
            ],
            "url": "https://security.archlinux.org/AVG-142"
        },
        {
            "reference_url": "https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html"
        },
        {
            "reference_url": "https://github.com/opsxcq/exploit-CVE-2016-10033/commit/1f6642cf116ecb6b6b96b5ec966915d5100adfe3",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://github.com/opsxcq/exploit-CVE-2016-10033/commit/1f6642cf116ecb6b6b96b5ec966915d5100adfe3"
        },
        {
            "reference_url": "https://github.com/rapid7/metasploit-framework/blob/1f4ff30adb09c836dc9cb5f2c2024a244cebd08d/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://github.com/rapid7/metasploit-framework/blob/1f4ff30adb09c836dc9cb5f2c2024a244cebd08d/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41962.sh",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41962.sh"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/42024.rb",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/42024.rb"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40968.sh",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40968.sh"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40970.php",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40970.php"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40974.py",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40974.py"
        },
        {
            "reference_url": "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html",
            "reference_id": "CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"
                },
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40969.py",
            "reference_id": "CVE-2016-10045;CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40969.py"
        },
        {
            "reference_url": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html",
            "reference_id": "CVE-2016-10073;CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/41996.sh",
            "reference_id": "CVE-2016-10073;CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/41996.sh"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40986.py",
            "reference_id": "CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40986.py"
        },
        {
            "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42221.py",
            "reference_id": "CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/42221.py"
        },
        {
            "reference_url": "https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html",
            "reference_id": "CVE-2016-10074;CVE-2016-10045;CVE-2016-10034;CVE-2016-10033",
            "reference_type": "exploit",
            "scores": [],
            "url": "https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-5f37-gxvh-23v6",
            "reference_id": "GHSA-5f37-gxvh-23v6",
            "reference_type": "",
            "scores": [
                {
                    "value": "CRITICAL",
                    "scoring_system": "cvssv3.1_qr",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/advisories/GHSA-5f37-gxvh-23v6"
        },
        {
            "reference_url": "http://www.securityfocus.com/archive/1/539963/100/0/threaded",
            "reference_id": "threaded",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Act",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/"
                }
            ],
            "url": "http://www.securityfocus.com/archive/1/539963/100/0/threaded"
        },
        {
            "reference_url": "https://usn.ubuntu.com/5956-1/",
            "reference_id": "USN-5956-1",
            "reference_type": "",
            "scores": [],
            "url": "https://usn.ubuntu.com/5956-1/"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 77,
            "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
            "description": "The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component."
        },
        {
            "cwe_id": 88,
            "name": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
            "description": "The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [
        {
            "date_added": null,
            "description": "This module exploits a command injection vulnerability in WordPress\n          version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer,\n          a mail-sending library that is bundled with WordPress.\n\n          A valid WordPress username is required to exploit the vulnerability.\n          Additionally, due to the altered Host header, exploitation is limited to\n          the default virtual host, assuming the header isn't mangled in transit.\n\n          If the target is running Apache 2.2.32 or 2.4.24 and later, the server\n          may have HttpProtocolOptions set to Strict, preventing a Host header\n          containing parens from passing through, making exploitation unlikely.",
            "required_action": null,
            "due_date": null,
            "notes": "Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n",
            "known_ransomware_campaign_use": false,
            "source_date_published": "2017-05-03",
            "exploit_type": null,
            "platform": "Linux",
            "source_date_updated": null,
            "data_source": "Metasploit",
            "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb"
        },
        {
            "date_added": "2025-07-07",
            "description": "PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.",
            "required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
            "due_date": "2025-07-28",
            "notes": "This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 ; https://github.com/advisories/GHSA-5f37-gxvh-23v6 ; https://nvd.nist.gov/vuln/detail/CVE-2016-10033",
            "known_ransomware_campaign_use": false,
            "source_date_published": null,
            "exploit_type": null,
            "platform": null,
            "source_date_updated": null,
            "data_source": "KEV",
            "source_url": null
        },
        {
            "date_added": "2017-06-21",
            "description": "PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution",
            "required_action": null,
            "due_date": null,
            "notes": null,
            "known_ransomware_campaign_use": false,
            "source_date_published": "2017-06-21",
            "exploit_type": "webapps",
            "platform": "php",
            "source_date_updated": "2017-08-03",
            "data_source": "Exploit-DB",
            "source_url": ""
        }
    ],
    "severity_range_score": "7.0 - 10.0",
    "exploitability": "2.0",
    "weighted_severity": "9.0",
    "risk_score": 10.0,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cq4m-3q7u-cbg3"
}