VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-p3ee-1tqh-jycz

Essentials
Severities (106)
References (52)
Severity details (101)
Exploits (3)
EPSS
History (1)

Vulnerability ID	VCID-p3ee-1tqh-jycz
Aliases	CVE-2016-10033 GHSA-5f37-gxvh-23v6
Summary
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-88	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	9.8	http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
generic_textual	CRITICAL	http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
ssvc	Act	http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
ssvc	Act	http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
cvssv3.1	9.8	http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
generic_textual	CRITICAL	http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
ssvc	Act	http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
ssvc	Act	http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
epss	0.94362	https://api.first.org/data/v1/epss?cve=CVE-2016-10033
epss	0.94362	https://api.first.org/data/v1/epss?cve=CVE-2016-10033
epss	0.94366	https://api.first.org/data/v1/epss?cve=CVE-2016-10033
epss	0.94366	https://api.first.org/data/v1/epss?cve=CVE-2016-10033
epss	0.94389	https://api.first.org/data/v1/epss?cve=CVE-2016-10033
cvssv3.1	9.8	https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
generic_textual	CRITICAL	https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
ssvc	Act	https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
ssvc	Act	https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
cvssv3.1	9.8	http://seclists.org/fulldisclosure/2016/Dec/78
generic_textual	CRITICAL	http://seclists.org/fulldisclosure/2016/Dec/78
ssvc	Act	http://seclists.org/fulldisclosure/2016/Dec/78
ssvc	Act	http://seclists.org/fulldisclosure/2016/Dec/78
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-5f37-gxvh-23v6
cvssv3.1	9.8	https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
generic_textual	CRITICAL	https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
cvssv3.1	9.8	https://github.com/PHPMailer/PHPMailer
generic_textual	CRITICAL	https://github.com/PHPMailer/PHPMailer
cvssv3.1	9.8	https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
generic_textual	CRITICAL	https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
ssvc	Act	https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
ssvc	Act	https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
cvssv3.1	9.8	https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
cvssv3.1_qr	CRITICAL	https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
generic_textual	CRITICAL	https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
cvssv3.1	9.8	https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
generic_textual	CRITICAL	https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
ssvc	Act	https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
ssvc	Act	https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
cvssv3.1	9.8	https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
generic_textual	CRITICAL	https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
ssvc	Act	https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
ssvc	Act	https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-10033
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2016-10033
archlinux	High	https://security.archlinux.org/AVG-142
cvssv3.1	9.8	https://www.drupal.org/psa-2016-004
generic_textual	CRITICAL	https://www.drupal.org/psa-2016-004
ssvc	Act	https://www.drupal.org/psa-2016-004
ssvc	Act	https://www.drupal.org/psa-2016-004
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40968
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/40968
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40968/
ssvc	Act	https://www.exploit-db.com/exploits/40968/
ssvc	Act	https://www.exploit-db.com/exploits/40968/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40969
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/40969
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40969/
ssvc	Act	https://www.exploit-db.com/exploits/40969/
ssvc	Act	https://www.exploit-db.com/exploits/40969/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40970
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/40970
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40970/
ssvc	Act	https://www.exploit-db.com/exploits/40970/
ssvc	Act	https://www.exploit-db.com/exploits/40970/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40974
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/40974
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40974/
ssvc	Act	https://www.exploit-db.com/exploits/40974/
ssvc	Act	https://www.exploit-db.com/exploits/40974/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40986
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/40986
cvssv3.1	9.8	https://www.exploit-db.com/exploits/40986/
ssvc	Act	https://www.exploit-db.com/exploits/40986/
ssvc	Act	https://www.exploit-db.com/exploits/40986/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/41962
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/41962
cvssv3.1	9.8	https://www.exploit-db.com/exploits/41962/
ssvc	Act	https://www.exploit-db.com/exploits/41962/
ssvc	Act	https://www.exploit-db.com/exploits/41962/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/41996
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/41996
cvssv3.1	9.8	https://www.exploit-db.com/exploits/41996/
ssvc	Act	https://www.exploit-db.com/exploits/41996/
ssvc	Act	https://www.exploit-db.com/exploits/41996/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/42024
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/42024
cvssv3.1	9.8	https://www.exploit-db.com/exploits/42024/
ssvc	Act	https://www.exploit-db.com/exploits/42024/
ssvc	Act	https://www.exploit-db.com/exploits/42024/
cvssv3.1	9.8	https://www.exploit-db.com/exploits/42221
generic_textual	CRITICAL	https://www.exploit-db.com/exploits/42221
cvssv3.1	9.8	https://www.exploit-db.com/exploits/42221/
ssvc	Act	https://www.exploit-db.com/exploits/42221/
ssvc	Act	https://www.exploit-db.com/exploits/42221/
cvssv3.1	9.8	http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
generic_textual	CRITICAL	http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
ssvc	Act	http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
ssvc	Act	http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
cvssv3.1	9.8	http://www.securityfocus.com/archive/1/539963/100/0/threaded
ssvc	Act	http://www.securityfocus.com/archive/1/539963/100/0/threaded
ssvc	Act	http://www.securityfocus.com/archive/1/539963/100/0/threaded
cvssv3.1	9.8	http://www.securityfocus.com/bid/95108
ssvc	Act	http://www.securityfocus.com/bid/95108
ssvc	Act	http://www.securityfocus.com/bid/95108
cvssv3.1	9.8	http://www.securitytracker.com/id/1037533
ssvc	Act	http://www.securitytracker.com/id/1037533
ssvc	Act	http://www.securitytracker.com/id/1037533

Reference id	Reference type	URL
		http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html
		http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html
		https://api.first.org/data/v1/epss?cve=CVE-2016-10033
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033
		https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html
		http://seclists.org/fulldisclosure/2016/Dec/78
		https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml
		https://github.com/PHPMailer/PHPMailer
		https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18
		https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6
		https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
		https://nvd.nist.gov/vuln/detail/CVE-2016-10033
		https://www.drupal.org/psa-2016-004
		https://www.exploit-db.com/exploits/40968
		https://www.exploit-db.com/exploits/40969
		https://www.exploit-db.com/exploits/40970
		https://www.exploit-db.com/exploits/40974
		https://www.exploit-db.com/exploits/40986
		https://www.exploit-db.com/exploits/41962
		https://www.exploit-db.com/exploits/41996
		https://www.exploit-db.com/exploits/42024
		https://www.exploit-db.com/exploits/42221
		http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
1037533		http://www.securitytracker.com/id/1037533
40968		https://www.exploit-db.com/exploits/40968/
40969		https://www.exploit-db.com/exploits/40969/
40970		https://www.exploit-db.com/exploits/40970/
40974		https://www.exploit-db.com/exploits/40974/
40986		https://www.exploit-db.com/exploits/40986/
41962		https://www.exploit-db.com/exploits/41962/
41996		https://www.exploit-db.com/exploits/41996/
42024		https://www.exploit-db.com/exploits/42024/
42221		https://www.exploit-db.com/exploits/42221/
849365		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365
95108		http://www.securityfocus.com/bid/95108
ASA-201701-22		https://security.archlinux.org/ASA-201701-22
AVG-142		https://security.archlinux.org/AVG-142
CVE-2016-10033	Exploit	https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
CVE-2016-10033	Exploit	https://github.com/opsxcq/exploit-CVE-2016-10033/commit/1f6642cf116ecb6b6b96b5ec966915d5100adfe3
CVE-2016-10033	Exploit	https://github.com/rapid7/metasploit-framework/blob/1f4ff30adb09c836dc9cb5f2c2024a244cebd08d/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb
CVE-2016-10033	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41962.sh
CVE-2016-10033	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/42024.rb
CVE-2016-10033	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40968.sh
CVE-2016-10033	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40970.php
CVE-2016-10033	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40974.py
CVE-2016-10033	Exploit	https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
CVE-2016-10045;CVE-2016-10033	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40969.py
CVE-2016-10073;CVE-2016-10033	Exploit	https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html
CVE-2016-10073;CVE-2016-10033	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/41996.sh
GHSA-5f37-gxvh-23v6		https://github.com/advisories/GHSA-5f37-gxvh-23v6
threaded		http://www.securityfocus.com/archive/1/539963/100/0/threaded
USN-5956-1		https://usn.ubuntu.com/5956-1/

Data source	Exploit-DB
Date added	June 21, 2017
Description	PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution
Ransomware campaign use	Unknown
Source publication date	June 21, 2017
Exploit type	webapps
Platform	php
Source update date	Aug. 3, 2017

Data source	KEV
Date added	July 7, 2025
Description	PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Required action	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date	July 28, 2025
Note	This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 ; https://github.com/advisories/GHSA-5f37-gxvh-23v6 ; https://nvd.nist.gov/vuln/detail/CVE-2016-10033
Ransomware campaign use	Unknown

Data source	Metasploit
Description	This module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	May 3, 2017
Platform	Linux
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/wp_phpmailer_host_header.rb

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2016/Dec/78

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at http://seclists.org/fulldisclosure/2016/Dec/78

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at http://seclists.org/fulldisclosure/2016/Dec/78

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2016-10033.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-5f37-gxvh-23v6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-10033

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.drupal.org/psa-2016-004

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.drupal.org/psa-2016-004

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.drupal.org/psa-2016-004

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40968

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40968/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/40968/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/40968/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40969

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40969/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/40969/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/40969/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40970

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40970/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/40970/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/40970/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40974

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40974/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/40974/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/40974/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40986

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/40986/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/40986/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/40986/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/41962

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/41962/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/41962/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/41962/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/41996

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/41996/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/41996/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/41996/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/42024

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/42024/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/42024/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/42024/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/42221

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/42221/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at https://www.exploit-db.com/exploits/42221/

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at https://www.exploit-db.com/exploits/42221/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/archive/1/539963/100/0/threaded

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at http://www.securityfocus.com/archive/1/539963/100/0/threaded

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at http://www.securityfocus.com/archive/1/539963/100/0/threaded

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/95108

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at http://www.securityfocus.com/bid/95108

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at http://www.securityfocus.com/bid/95108

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1037533

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-17T03:55:44Z/ Found at http://www.securitytracker.com/id/1037533

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-07-07T17:18:11Z/ Found at http://www.securitytracker.com/id/1037533

Exploit Prediction Scoring System (EPSS)

Percentile	0.99959
EPSS Score	0.94362
Published At	Aug. 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:41:19.757503+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/5956-1/	37.0.0