CVEs-PoC/2016/CVE-2016-10034.md at 183d1f8677d424ca51cab102bc615f8bcebb511d

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address.

POC

Reference

https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
https://www.exploit-db.com/exploits/40979/
https://www.exploit-db.com/exploits/40979/
https://www.exploit-db.com/exploits/40986/
https://www.exploit-db.com/exploits/40986/
https://www.exploit-db.com/exploits/42221/
https://www.exploit-db.com/exploits/42221/

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/aklmtst/PHPMailer-Remote-Code-Execution-Exploit
https://github.com/heikipikker/exploit-CVE-2016-10034
https://github.com/pitecozz/RCE-VUL

1.4 KiB Raw Blame History

CVE-2016-10034

Description

POC

Reference

Github

1.4 KiB

Raw Blame History