PHPMailer is a PHP class that provides a package of functions to send email. The component is widely used in PHP web applications, including content management systems (CMS) like WordPress, Drupal and Joomla.
The component is affected by a remote code execution (RCE) vulnerability when the "From" address is set from user input (see [1] for additional information).
Airlock WAF does not block this attack by default. A custom Deny Rule can be created to prevent exploitation of the vulnerability.
We recommend updating vulnerable back-end systems and making sure that PHPMailer version 5.2.20 or above is used.
If you cannot update immediately, we recommend configuring the following custom Deny Rule / virtual patch on all affected mappings.
Name: PHPMailer vulnerability CVE-2016-10033
Pattern: \\".*\h-[DX]
Ignore Case: Off
Invert: Off
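The rule fires on a backslash-escaped double quote that is followed, later in the same value, by horizontal whitespace and a "-D" or "-X" switch. Before deploying a virtual patch it is worth confirming on sample data that the pattern triggers on the intended shape and does not reject ordinary addresses (including quoted local parts). The following Python script is an added example written for this advisory, not Airlock's or PHPMailer's code; it assumes the deny rule is evaluated against the decoded form parameter value, and it translates PCRE's `\h` to `[ \t]` because Python's `re` module has no `\h`. All sample values are constructed.

```python
import re
from urllib.parse import parse_qs

# Pattern from the advisory: \\".*\h-[DX]
# PCRE's \h (horizontal whitespace) is not supported by Python's re module, so
# it is translated to [ \t] here (assumption: space and tab are the cases the
# rule is meant to catch; PCRE \h also matches other Unicode horizontal spaces).
DENY_RULE = re.compile(r'\\".*[ \t]-[DX]')


def is_blocked(value: str) -> bool:
    """Return True if a single decoded parameter value would be rejected."""
    return DENY_RULE.search(value) is not None


def check_form_body(body: str) -> dict:
    """Apply the rule to every parameter of a form-encoded request body.

    Assumption: the WAF evaluates deny rules against URL-decoded parameter
    values, so the body is decoded with parse_qs before matching.
    Returns {parameter name: True if any of its values is blocked}.
    """
    params = parse_qs(body, keep_blank_values=True)
    return {name: any(is_blocked(v) for v in values) for name, values in params.items()}


# Constructed sample values that a legitimate form should still be able to send.
LEGIT = [
    'alice@example.com',
    '"Bob Smith"@example.com',        # quoted local part with a space
    'carol+news@example.org',
    'dave@example.com -X',            # a switch, but no escaped quote before it
    'eve\\"@example.com',             # an escaped quote, but no whitespace + switch after it
]

# Constructed minimal strings that exhibit the shape the rule is written to stop.
SUSPICIOUS = [
    '"x\\" -Xfoo"@example.com',       # escaped quote, space, -X
    'a\\"\t-Dbar',                    # escaped quote, tab, -D
]


def self_check() -> bool:
    """True if the rule passes every LEGIT value and blocks every SUSPICIOUS one."""
    return (all(not is_blocked(v) for v in LEGIT)
            and all(is_blocked(v) for v in SUSPICIOUS))


if __name__ == "__main__":
    for v in LEGIT + SUSPICIOUS:
        print(f"{'BLOCK' if is_blocked(v) else 'pass ':5} {v!r}")
    # A form body as the browser would encode it (constructed sample).
    print(check_form_body('name=Alice&from=%22x%5C%22+-Xfoo%22%40example.com'))
    print("self-check:", "ok" if self_check() else "FAILED")
```

Run the script as-is to see which constructed values the pattern matches; add your own application's real address formats to `LEGIT` to check for false positives before enabling the rule on production mappings.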