Bug #6622: phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)
[3.5] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)
The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set,
might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary
code via a \" (backslash double quote) in a crafted From address.
Fixed In Version:¶
The isMail transport in PHPMailer before 5.2.20, when the Sender property is not set, might allow remote attackers to pass extra parameters
to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and
internal escaping performed in the mail function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
Fixed in Version:¶
main/php5-phpmailer: security fixes #6623
Issues were fixed in 5.2.18 and 5.2.20
However, there were major changes between 5.2.4 and 5.2.20
This upgrade contains patch which is based on 2 commits
containing fix for CVE-2016-10045 and CVE-2016-10033:
Commits were adjusted to 5.2.4