Search for vulnerabilities
Vulnerability details: VCID-ehef-kh9v-h7gd
Vulnerability ID VCID-ehef-kh9v-h7gd
Aliases CVE-2016-10045
GHSA-4pc3-96mx-wwc8
Summary
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 9.8 http://openwall.com/lists/oss-security/2016/12/28/1
generic_textual CRITICAL http://openwall.com/lists/oss-security/2016/12/28/1
cvssv3.1 9.8 http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
generic_textual CRITICAL http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
cvssv3.1 9.8 http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
generic_textual CRITICAL http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
epss 0.93265 https://api.first.org/data/v1/epss?cve=CVE-2016-10045
epss 0.93265 https://api.first.org/data/v1/epss?cve=CVE-2016-10045
epss 0.93505 https://api.first.org/data/v1/epss?cve=CVE-2016-10045
epss 0.93505 https://api.first.org/data/v1/epss?cve=CVE-2016-10045
epss 0.93505 https://api.first.org/data/v1/epss?cve=CVE-2016-10045
epss 0.93505 https://api.first.org/data/v1/epss?cve=CVE-2016-10045
cvssv3.1 9.8 https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
generic_textual CRITICAL https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
cvssv3.1 9.8 http://seclists.org/fulldisclosure/2016/Dec/81
generic_textual CRITICAL http://seclists.org/fulldisclosure/2016/Dec/81
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-4pc3-96mx-wwc8
cvssv3.1 9.8 https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10045.yaml
generic_textual CRITICAL https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10045.yaml
cvssv3.1 9.8 https://github.com/PHPMailer/PHPMailer
generic_textual CRITICAL https://github.com/PHPMailer/PHPMailer
cvssv3.1 9.8 https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
generic_textual CRITICAL https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
cvssv3.1 9.8 https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
cvssv3.1_qr CRITICAL https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
generic_textual CRITICAL https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
cvssv3.1 9.8 https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
generic_textual CRITICAL https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
cvssv3.1 9.8 https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
generic_textual CRITICAL https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-10045
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2016-10045
archlinux High https://security.archlinux.org/AVG-142
cvssv3.1 9.8 https://www.exploit-db.com/exploits/40969
generic_textual CRITICAL https://www.exploit-db.com/exploits/40969
cvssv3.1 9.8 https://www.exploit-db.com/exploits/40986
generic_textual CRITICAL https://www.exploit-db.com/exploits/40986
cvssv3.1 9.8 https://www.exploit-db.com/exploits/42221
generic_textual CRITICAL https://www.exploit-db.com/exploits/42221
cvssv3.1 9.8 http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
generic_textual CRITICAL http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
Reference id Reference type URL
http://openwall.com/lists/oss-security/2016/12/28/1
http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
https://api.first.org/data/v1/epss?cve=CVE-2016-10045
https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
http://seclists.org/fulldisclosure/2016/Dec/81
https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10045.yaml
https://github.com/PHPMailer/PHPMailer
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
https://nvd.nist.gov/vuln/detail/CVE-2016-10045
https://www.exploit-db.com/exploits/40969
https://www.exploit-db.com/exploits/40986
https://www.exploit-db.com/exploits/42221
http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
ASA-201701-22 https://security.archlinux.org/ASA-201701-22
AVG-142 https://security.archlinux.org/AVG-142
CVE-2016-10045;CVE-2016-10033 Exploit https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
GHSA-4pc3-96mx-wwc8 https://github.com/advisories/GHSA-4pc3-96mx-wwc8
USN-5956-1 https://usn.ubuntu.com/5956-1/
Data source Exploit-DB
Date added June 21, 2017
Description PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
Ransomware campaign use Unknown
Source publication date June 21, 2017
Exploit type webapps
Platform php
Source update date Aug. 3, 2017
Data source Metasploit
Description PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes.
Note 
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date Dec. 26, 2016
Platform PHP
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/phpmailer_arg_injection.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2016/12/28/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/140286/PHPMailer-Remote-Code-Execution.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2016/Dec/81
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10045.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-4pc3-96mx-wwc8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-10045
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40969
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40986
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/42221
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99803
EPSS Score 0.93265
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:41:19.775787+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5956-1/ 37.0.0