The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Jul 2025 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Mon, 07 Jul 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published: 2016-12-30T19:00:00.000Z
Updated: 2025-07-07T22:20:24.083Z
Reserved: 2016-12-22T00:00:00.000Z
Link: CVE-2016-10033

Updated: 2024-08-06T03:07:32.161Z

Status : Deferred
Published: 2016-12-30T19:59:00.137
Modified: 2025-07-08T01:00:02.203
Link: CVE-2016-10033

No data.