cve/CVE-2016-10034.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address.

POC

Reference

https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
https://www.exploit-db.com/exploits/40979/
https://www.exploit-db.com/exploits/40986/
https://www.exploit-db.com/exploits/42221/

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/aklmtst/PHPMailer-Remote-Code-Execution-Exploit
https://github.com/heikipikker/exploit-CVE-2016-10034
https://github.com/pitecozz/RCE-VUL

1.1 KiB Raw Blame History

CVE-2016-10034

Description

POC

Reference

Github

1.1 KiB

Raw Blame History