Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053cThis Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.
928eb6125df4b025be7b68270b411eb5dfb58e8b71a32b25b6ed380ce5e0f241Vanilla Forums versions 2.3 and below remote code execution exploit.
5c7ea9a23a9cecb94400f22b0952a0d9d93fc3cf4ada6196b41f4105e85931c2WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built-in to WordPress code. Exploitation details provided.
3562cc0222ccab73bf32045e3f2bee84233aef4cd3e169a98bcd74a969767f51PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes.
70cf2a666368f1670d184b2da81850b9fd8aabe74acc4c71858fb6c372248cc8This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.
a6480837acf975f49749549e06ab31dc5538b6276d390b38aa0f7a89e63148d0Debian Linux Security Advisory 3750-2 - A functionally regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem.
89d8975f83a99d2bdaab1219b4564fd46284c201591c36d28866cee151b2244cDebian Linux Security Advisory 3750-1 - Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.
901f4034412534063d18c6641addaec686197e10549977184764df69a8ca106fPHPMailer versions prior to 5.2.18 remote code execution exploit. Written in python.
0c56ae7013e3bf2befd1a423d12185599a480137baf9d7604084810574ff6517PHPMailer versions prior to 5.2.20 zero day remote code execution exploit. This bypasses the CVE-2016-10033 patch.
773582183b0cfc6f38ae24f52f7dfb831cd2f3410287245bc6daea84d4d8db83PHPMailer versions prior to 5.2.18 suffer from a remote code execution vulnerability. This archive consists of the full advisory and also the proof of concept code.
dff0fa27b99b22d59b30f33bda4811c6f57a5db1cf1cab549e564bd62faa8e9cPHPMailer version 5.2.17 suffers from a remote code execution vulnerability.
71254449b5468229de9f3d24cd3659f8ff035410115b6cf7f950f99bf518712f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed