Fluid Attacks Database

Description

Swift Mailer mail transport Command Injection The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	swiftmailer/swiftmailer	>=0 <5.4.5	5.4.5
debian 11	libphp-swiftmailer	>=0 <5.4.2-1.1	5.4.2-1.1
debian 12	libphp-swiftmailer	>=0 <5.4.2-1.1	5.4.2-1.1
debian 14	libphp-swiftmailer	=4.0.6-1 \|\| =4.1.0-1 \|\| =4.1.0-2 \|\| =4.1.2-1 \|\| =4.1.3-1 \|\| =4.1.5-1 \|\| =4.1.5-1~bpo60+1 \|\| =4.2.0-1 \|\| =4.2.1-1 \|\| =5.2.1-1 \|\| =5.2.2-1 \|\| =5.4.1-1 \|\| =5.4.2-1 \|\| >=0 <5.4.2-1.1	5.4.2-1.1

Aliases

1. CVE-2016-100742. NVD-2016-100743. OSV-2016-100744. OSV-DEBIAN-2016-100745. GCVE-2016-100746. SECURITY-TRACKER-CVE-2016-10074

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/swiftmailer/swiftmailer/CVE-2016-10074.yaml2. https://github.com/swiftmailer/swiftmailer/blob/5.x/CHANGES3. https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html4. https://www.exploit-db.com/exploits/409725. https://www.exploit-db.com/exploits/409866. https://www.exploit-db.com/exploits/422217. http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html8. http://seclists.org/fulldisclosure/2016/Dec/869. http://www.debian.org/security/2017/dsa-376910. http://www.securityfocus.com/bid/95140