The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2016/Dec/86 | Exploit Mailing List |
http://www.debian.org/security/2017/dsa-3769 | |
http://www.securityfocus.com/bid/95140 | Third Party Advisory VDB Entry |
https://github.com/swiftmailer/swiftmailer/blob/5.x/CHANGES | Patch Vendor Advisory |
https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html | Exploit Technical Description Third Party Advisory |
https://www.exploit-db.com/exploits/40972/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/40986/ | |
https://www.exploit-db.com/exploits/42221/ |
Configurations
History
No history.
Information
Published : 2016-12-30 19:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-10074
Mitre link : CVE-2016-10074
CVE.ORG link : CVE-2016-10074
JSON object : View
Products Affected
swiftmailer
- swiftmailer
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')