Date: Wed, 28 Dec 2016 03:03:39 -0200
From: Dawid Golunski <>
Subject: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
 (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
(CVE-2016-10045) (Bypass for the CVE-2016-1033 patch)

Discovered by Dawid Golunski (@dawid_golunski)


I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is possible to bypass the currently available

This was reported responsibly to the vendor & assigned a CVEID on the
26th of December.
The vendor has been working on a new patch which would fix the problem but
not break the RFC too badly. The patch should be published very soon.

I'm releasing this as a 0day without the new patch available publicly
as a potential bypass was publicly discussed on oss-sec with Solar
Designer in the PHPMailer < 5.2.18 thread, so holding the advisory
further would serve no purpose.

Current advisory URL:

More updates soon at:

Dawid Golunski
t: @dawid_golunski

View attachment "PHPMailer-fix-bypass.txt" of type "text/plain" (6286 bytes)
