Skip to main content
CVE-2016-10033 CRITICAL POC KEV PATCH THREAT Act Now

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.5%
Threat
7.8
CVE-2016-10045 CRITICAL POC PATCH THREAT Act Now

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.4%.

Command Injection RCE Phpmailer WordPress Joomla
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
93.4%
Threat
6.3
CVE-2016-10034 CRITICAL POC PATCH THREAT Act Now

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.3%.

Command Injection RCE Zend Framework Zend Mail
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
82.3%
Threat
5.9
CVE-2016-10074 CRITICAL POC PATCH THREAT Act Now

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Command Injection RCE Swiftmailer
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
75.5%
Threat
5.7
CVE-2016-10082 CRITICAL PATCH Act Now

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Authentication Bypass Serendipity
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy