A critical vulnerability, tracked as CVE-2016-10033, affects all versions of PHPMailer before 5.2.18.


Dawid Golunski, a security expert from Legal Hackers, has discovered a flaw in PHPMailer that could be exploited by a remote attacker to execute arbitrary code in the context of the web server and compromise the target web application.

PHPMailer is one of the most popular open source PHP libraries used to send emails. It has been estimated that millions of websites built on PHP and on popular CMSs such as WordPress, Drupal, and Joomla use the library for sending emails.

All versions of PHPMailer before the 5.2.18 release are affected.

Successful exploitation could let remote attackers gain access to the target server in the context of the web server account, which could lead to a full compromise of the web application.

No official solution is available at the moment, because the researcher also published a bypass of the current solution/fix, which makes PHPMailer vulnerable again in versions <5.2.20.

Here is a video of the PoC exploit:

https://www.youtube.com/watch?v=xyYMYvT2bx8


References

More technical information and PoCs:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html