
PHPMailer Remote Code Execution Vulnerability / PwnScriptum

CVE-2016-10033, CVE-2016-10045
PHPMailer, RCE, PHP, Joomla, Drupal, WordPress, PwnScriptum

PHPMailer is a PHP class that provides a package of functions to send email. The component is widely used in PHP web applications, including content management systems (CMS) like WordPress, Drupal and Joomla.

The component is affected by a remote code execution (RCE) vulnerability if the "From" address is set from user input (see [1] for additional information).

Airlock WAF does not protect against this vulnerability by default. A custom Deny Rule can be created to prevent exploitation.


We recommend updating vulnerable back-end systems and making sure that PHPMailer version 5.2.20 or above is used.

If you cannot update immediately, we recommend configuring the following custom Deny Rule / virtual patch on all affected mappings.

Name: PHPMailer vulnerability CVE-2016-10033
Pattern: \\".*\h-[DX]
Ignore Case: Off
Invert: Off
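
An offline check of the Deny Rule above before it is deployed, as an added example that is not part of the advisory or of Airlock. It assumes the pattern is applied as an unanchored search on the submitted value and approximates PCRE `\h` with space and tab, because Python's `re` rejects `\h`; all sample values are constructed.

```python
import re

# Deny Rule settings copied from the advisory.
PATTERN = r'\\".*\h-[DX]'
IGNORE_CASE = False
INVERT = False

def to_python_regex(pcre):
    """Rewrite PCRE's \\h, which Python's re rejects as a bad escape.

    Assumption: space and tab stand in for the full \\h class.
    Escapes are consumed in pairs so an escaped backslash followed by
    'h' is left alone.
    """
    out, i = [], 0
    while i < len(pcre):
        if pcre[i] == "\\" and i + 1 < len(pcre):
            pair = pcre[i:i + 2]
            out.append("[ \\t]" if pair == "\\h" else pair)
            i += 2
        else:
            out.append(pcre[i])
            i += 1
    return "".join(out)

RULE = re.compile(to_python_regex(PATTERN), re.IGNORECASE if IGNORE_CASE else 0)

def is_denied(value):
    """True when the rule would block this value (assumes unanchored search)."""
    return (RULE.search(value) is not None) != INVERT

# Constructed sample values, not taken from real traffic: (value, expect_deny).
SAMPLES = [
    ('alice@example.com', False),
    ('first-last@example.com', False),
    ('"Alice -Dev Team" <alice@example.com>', False),  # quote is not escaped
    ('Research -X group <rx@example.com>', False),     # no backslash-quote
    ('x\\" -Xplaceholder', True),        # backslash-quote, space, -X
    ('x\\" pad\t-Dplaceholder', True),   # tab as the horizontal whitespace
]

def check_samples():
    """Return the samples whose verdict differs from the expected one."""
    return [(v, want) for v, want in SAMPLES if is_denied(v) != want]

if __name__ == "__main__":
    for value, _ in SAMPLES:
        print("DENY " if is_denied(value) else "allow", repr(value))
    print("mismatches:", check_samples())
```

Extending `SAMPLES` with real "From" values from the affected forms shows whether the virtual patch would block legitimate submissions on a given mapping.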

Airlock Vulnerability Status: Does not affect Airlock
Back-end Vulnerability Status: Back-ends may be vulnerable, see resolution