The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Fixed in 5.2.18
Filter and validate user input before passing it to internal functions.
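The check below is an added example, not PHPMailer's own code. It illustrates the workaround above for this advisory's bug: in the isMail transport the Sender value is handed to PHP's mail() as the extra-parameters string ("-f<sender>"), which PHP passes on to the local sendmail binary, so anything the shell or sendmail can interpret has to be refused before that point. Function names and the sample addresses are constructed for the demonstration.

```php
<?php
// Added example (not PHPMailer's code). Vulnerable shape: the Sender string is
// interpolated into mail()'s fifth argument with no validation at all.
function buildSenderParamUnsafe(string $sender): string
{
    return sprintf('-f%s', $sender);
}

// Hardened shape. Note that RFC-style address validation alone is not enough:
// a quoted local part such as "x\" ..."@example.com is a syntactically valid
// address yet still carries the \" the advisory describes. An explicit
// character allowlist is what closes that gap.
function isShellSafeAddress(string $sender): bool
{
    // Conservative allowlist: letters, digits and the punctuation a plain
    // address needs. No quotes, backslashes, spaces or option-like text.
    if (preg_match('/^[A-Za-z0-9_.+-]+@[A-Za-z0-9.-]+$/', $sender) !== 1) {
        return false;
    }
    // Defence in depth: escapeshellcmd() must not need to change anything.
    return escapeshellcmd($sender) === $sender;
}

function buildSenderParamSafe(string $sender): ?string
{
    if (!isShellSafeAddress($sender)) {
        return null; // refuse to send rather than silently dropping -f
    }
    // Quoting is a second layer only; the allowlist already guarantees the
    // value contains nothing a shell would treat specially.
    return '-f' . escapeshellarg($sender);
}

// Constructed inputs for the demonstration (no real sendmail option is used).
$legit   = 'alice@example.com';
$hostile = '"alice\" -placeholder"@example.com'; // carries the \" from the advisory

// The unsafe builder passes the \" straight through to the parameter string.
if (strpos(buildSenderParamUnsafe($hostile), '\\"') === false) {
    throw new RuntimeException('unexpected: hostile input was altered');
}
// The hardened builder accepts the plain address and refuses the hostile one.
if (buildSenderParamSafe($legit) === null) {
    throw new RuntimeException('legitimate sender was wrongly rejected');
}
if (buildSenderParamSafe($hostile) !== null) {
    throw new RuntimeException('hostile sender reached the mail parameters');
}
echo "Sender validation behaves as expected\n";
```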
https://nvd.nist.gov/vuln/detail/CVE-2016-10033 Related to a follow-on issue in https://nvd.nist.gov/vuln/detail/CVE-2016-10045
If you have any questions or comments about this advisory:
* Open a private issue in the PHPMailer project
{ "nvd_published_at": "2016-12-30T19:59:00Z", "cwe_ids": [ "CWE-77" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2020-03-05T22:05:13Z" }