Vulnerabilities

CVE-2016-10033

by Fred · 30/12/2016

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property.

Date published : 2016-12-30

http://www.securityfocus.com/bid/95108

http://www.securityfocus.com/archive/1/539963/100/0/threaded

Related

Tags: Cybersecurity Alert