CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
Affected products
n/a · n/a
Public PoCs found: 7
github: github.com/heikipikker/exploit-CVE-2016-10034 (★ 0)
cve_reference: www.exploit-db.com/exploits/42221/ (unverified)
cve_reference: www.exploit-db.com/exploits/40986/ (unverified)
exploitdb: www.exploit-db.com/exploits/42221 (unverified)
exploitdb: www.exploit-db.com/exploits/40979 (unverified)
cve_reference: www.exploit-db.com/exploits/40979/ (unverified)
exploitdb: www.exploit-db.com/exploits/40986 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://framework.zend.com/security/advisory/ZF2016-04
https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
https://security.gentoo.org/glsa/201804-10
https://www.exploit-db.com/exploits/40979/
https://www.exploit-db.com/exploits/40986/
https://www.exploit-db.com/exploits/42221/
http://www.securityfocus.com/bid/95144
http://www.securitytracker.com/id/1037539