Joomla Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability - CVE-2016-10033 - Vulnerability Database

Joomla

Joomla Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability - CVE-2016-10033

Critical

Reference: CVE-2016-10033

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-10033

Title: Joomla Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability

Overview:

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a quot (backslash double quote) in a crafted Sender property.