PHPMailer Multiple Vulnerabilities
Multiple vulnerabilities were identified in PHPMailer. A remote attacker can exploit these vulnerabilities to perform remote code execution on the targeted system.
Note: These products may also be affected: WordPress, Drupal, SugarCRM, and Joomla.
CVE-2016-10033 is being exploited in the wild. PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. Hence, the risk level is rated as Extremely High Risk.
[Updated on 2025-07-08]
Updated Risk Level, Description, Impact, Source and Related Links.
RISK: Extremely High Risk
TYPE: Servers – Web Servers

Impact
- Remote Code Execution
- Denial of Service
System / Technologies affected
- Updated on 2016-12-29
Versions prior to 5.2.20
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Updated on 2016-12-29
Update to version 5.2.20
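Because PHPMailer is often shipped inside other products (see the note on WordPress, Drupal, SugarCRM and Joomla above), a host can hold several copies at different versions. The following audit script is an added example, not part of the original advisory or of PHPMailer itself: it walks a directory tree, finds PHP files that define the `PHPMailer` class, and flags any copy older than 5.2.20. It assumes the class file declares its release as `public $Version = '...'` or `const VERSION = '...'`; the function names are illustrative.

```python
import os
import re
import sys

FIXED = (5, 2, 20)  # first fixed release named in this advisory

# Assumption: the class file declares its release as `public $Version = '5.2.19';`
# (5.x layout) or `const VERSION = '6.0.0';` (6.x layout).
VERSION_RE = re.compile(r"""(?:\$Version|const\s+VERSION)\s*=\s*['"](\d+(?:\.\d+)*)['"]""")
CLASS_RE = re.compile(r"\bclass\s+PHPMailer\b")


def parse_version(php_source):
    """Return the declared PHPMailer version as a tuple of ints, or None."""
    m = VERSION_RE.search(php_source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """Numeric comparison: as strings, '5.2.9' would sort after '5.2.20'."""
    return version < FIXED


def scan(root):
    """Return sorted (path, version, vulnerable) for every PHPMailer class file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    source = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            version = parse_version(source) if CLASS_RE.search(source) else None
            if version is not None:
                findings.append((path, ".".join(map(str, version)), is_vulnerable(version)))
    return sorted(findings)


if __name__ == "__main__":
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, vulnerable in results:
        print(f"{'VULNERABLE' if vulnerable else 'ok':10} {version:8} {path}")
    sys.exit(1 if any(v for _, _, v in results) else 0)
```

Run it against the web root; a non-zero exit status means at least one copy older than 5.2.20 was found. A vendor may backport a fix without changing the version string, so treat a hit as a prompt to check that product's own advisory.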
Vulnerability Identifier
Source
Related Link