CVE-2016-10034

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address.

Published: Dec 30, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-10034
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
zend / zend_framework	-	2.4.10.x
zend / zend-mail	2.6.2	2.6.2.x
zend / zend-mail	2.5.2	2.5.2.x
zend / zend-mail	2.5.0	2.5.0.x
zend / zend-mail	-	2.4.10.x
zend / zend-mail	2.6.0	2.6.0.x
zend / zend-mail	2.7.0	2.7.0.x
zend / zend-mail	2.6.1	2.6.1.x
zend / zend-mail	2.7.1	2.7.1.x
zend / zend-mail	2.5.1	2.5.1.x

http://www.securityfocus.com/bid/95144
http://www.securitytracker.com/id/1037539
https://framework.zend.com/security/advisory/ZF2016-04
https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
https://security.gentoo.org/glsa/201804-10
https://www.exploit-db.com/exploits/40979/
https://www.exploit-db.com/exploits/40986/
https://www.exploit-db.com/exploits/42221/

Vulnerability Database

289,784

CVE-2016-10034