Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
PHPMailer Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2016-10033

PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2016-10033	PHPMailer Command Injection Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments References https://jp.broadcom.com/support/security-center/attacksignatures/detail?asid=29894 https://www.upguard.com/blog/cve-2016-10033-detection-and-response-guide
CVE-2016-10033	PHPMailer Command Injection Vulnerability	primary_impact	T1059.004	Unix Shell	Comments References https://jp.broadcom.com/support/security-center/attacksignatures/detail?asid=29894 https://www.upguard.com/blog/cve-2016-10033-detection-and-response-guide