PHPMailer Multiple Vulnerabilities

Last Update Date: 8 Jul 2025 | Release Date: 28 Dec 2016

RISK: Extremely High Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in PHPMailer. A remote attacker can exploit these vulnerabilities to perform remote code execution on the targeted system.

 

Note: These products may also be affected: WordPress, Drupal, SugarCRM, and Joomla.

 

CVE-2016-10033 is being exploited in the wild. PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. Hence, the risk level is rated as Extremely High Risk.

 

[Updated on 2025-07-08]

Updated Risk Level, Description, Impact, Source and Related Links.

 


Impact

  • Remote Code Execution
  • Denial of Service

System / Technologies affected

  • Updated on 2016-12-29
    Versions prior to 5.2.20

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Updated on 2016-12-29
    Update to version 5.2.20
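
Because PHPMailer is often bundled inside other products (the note above lists WordPress, Drupal, SugarCRM and Joomla), the following added example, which is not part of the original advisory or PHPMailer's own code, walks a directory tree and flags every copy whose declared version is below 5.2.20. The candidate file names and the version-declaration patterns are assumptions, and the demo tree is constructed sample data.

```python
import os
import re
import tempfile

FIXED = (5, 2, 20)  # fixed release named in this advisory
# Assumption: 5.x declares `public $Version = 'x.y.z';`, 6.x `const VERSION = 'x.y.z';`
VERSION_RE = re.compile(r"""(?:\$Version|const\s+VERSION)\s*=\s*['"](\d+)\.(\d+)\.(\d+)""")
# File names used by standalone and bundled copies (assumed, not exhaustive).
CANDIDATES = {"class.phpmailer.php", "class-phpmailer.php", "phpmailer.php"}


def parse_version(php_source):
    """Return the declared version as an int tuple, or None if not found."""
    m = VERSION_RE.search(php_source)
    return tuple(int(x) for x in m.groups()) if m else None


def audit(root):
    """Walk root and return [(path, version, needs_update)] for each copy found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CANDIDATES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read())
            # An unreadable version is flagged for review, never treated as safe.
            findings.append((path, version, version is None or version < FIXED))
    return sorted(findings)


def demo():
    """Build a constructed tree holding two copies and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"app/vendor/class.phpmailer.php": "public $Version = '5.2.19';",
                   "cms/includes/class-phpmailer.php": "public $Version = '5.2.20';"}
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full))
            with open(full, "w", encoding="utf-8") as fh:
                fh.write("<?php class PHPMailer { " + body + " }")
        return [(os.path.relpath(p, root).replace(os.sep, "/"), v, bad) for p, v, bad in audit(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

In practice, call `audit()` on the web root and treat every row whose last field is `True` as a copy to update or investigate.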

Vulnerability Identifier


Source


Related Link