← voltar
CVE-2016-10034

CVE-2016-10034

EPSS 38.4%
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
Produtos afetados
n/a · n/a
PoCs públicas encontradas7
githubgithub.com/heikipikker/exploit-CVE-2016-100340cve_referencewww.exploit-db.com/exploits/42221/não verificadocve_referencewww.exploit-db.com/exploits/40986/não verificadoexploitdbwww.exploit-db.com/exploits/42221não verificadoexploitdbwww.exploit-db.com/exploits/40979não verificadocve_referencewww.exploit-db.com/exploits/40979/não verificadoexploitdbwww.exploit-db.com/exploits/40986não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://framework.zend.com/security/advisory/ZF2016-04https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.htmlhttps://security.gentoo.org/glsa/201804-10https://www.exploit-db.com/exploits/40979/https://www.exploit-db.com/exploits/40986/https://www.exploit-db.com/exploits/42221/http://www.securityfocus.com/bid/95144http://www.securitytracker.com/id/1037539