Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053c
This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.
928eb6125df4b025be7b68270b411eb5dfb58e8b71a32b25b6ed380ce5e0f241
Vanilla Forums versions 2.3 and below remote code execution exploit.
5c7ea9a23a9cecb94400f22b0952a0d9d93fc3cf4ada6196b41f4105e85931c2
WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built into the WordPress code. Exploitation details provided.
3562cc0222ccab73bf32045e3f2bee84233aef4cd3e169a98bcd74a969767f51
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes.
70cf2a666368f1670d184b2da81850b9fd8aabe74acc4c71858fb6c372248cc8
This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.
a6480837acf975f49749549e06ab31dc5538b6276d390b38aa0f7a89e63148d0
Debian Linux Security Advisory 3750-2 - A functional regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem.
89d8975f83a99d2bdaab1219b4564fd46284c201591c36d28866cee151b2244c
Debian Linux Security Advisory 3750-1 - Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address.
901f4034412534063d18c6641addaec686197e10549977184764df69a8ca106f
PHPMailer versions prior to 5.2.18 remote code execution exploit. Written in Python.
0c56ae7013e3bf2befd1a423d12185599a480137baf9d7604084810574ff6517
PHPMailer versions prior to 5.2.20 zero day remote code execution exploit. This bypasses the CVE-2016-10033 patch.
773582183b0cfc6f38ae24f52f7dfb831cd2f3410287245bc6daea84d4d8db83
PHPMailer versions prior to 5.2.18 suffer from a remote code execution vulnerability. This archive consists of the full advisory and also the proof of concept code.
dff0fa27b99b22d59b30f33bda4811c6f57a5db1cf1cab549e564bd62faa8e9c
PHPMailer version 5.2.17 suffers from a remote code execution vulnerability.
71254449b5468229de9f3d24cd3659f8ff035410115b6cf7f950f99bf518712f