CVE-2016-10034
N/A
N/A
Summary
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted e-mail address.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201804-10
- https://www.exploit-db.com/exploits/42221/
- https://framework.zend.com/security/advisory/ZF2016-04
- https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
- https://www.exploit-db.com/exploits/40979/
- http://www.securitytracker.com/id/1037539
- https://www.exploit-db.com/exploits/40986/
- http://www.securityfocus.com/bid/95144
References
- https://security.gentoo.org/glsa/201804-10
- https://www.exploit-db.com/exploits/42221/
- https://framework.zend.com/security/advisory/ZF2016-04
- https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
- https://www.exploit-db.com/exploits/40979/
- http://www.securitytracker.com/id/1037539
- https://www.exploit-db.com/exploits/40986/
- http://www.securityfocus.com/bid/95144
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.