CVE-2016-10033 · CISA KEV: Actively Exploited

PHPMailer Command Injection Vulnerability

Published Jul 7, 2025 · Updated Jul 7, 2025

Description

PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of the 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Public Exploits & PoCs (16 found)

PoC: exploit-CVE-2016-10033

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container

381

PoC: CVE-2016-10033

RCE against WordPress 4.6; Python port of https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html

10

PoC: safeshell

Prevent PHP vulnerabilities similar to CVE-2016-10033 and CVE-2016-10045.

8

PoC: CVE-2016-10033

PHPMailer < 5.2.18 Remote Code Execution Exploit

7

PoC: CVE-2016-10033

Code and vulnerable WordPress container for exploiting CVE-2016-10033

2

PoC: CVE-2016-10033

Remote Code Execution vulnerability in PHPMailer.

1

PoC: opsxcq-cve-2016-10033

To solve CTFS.me problem

1

PoC: cve-2016-10033-45

Exploits CVE-2016-10033 and CVE-2016-10045

1

PoC: CVE-2016-10033-PoC

A PoC of CVE-2016-10033 I made for PentesterLab

PoC: POC-CVE-2016-10033

Proof Of Concept for the CVE-2016-10033 (PHPMailer)

PoC: CVE-2016-10033

CVE-2016-10033 WordPress 4.6 Exploit

PoC: CTF_CVE-2016-10033

CTF based around CVE-2016-10033

PoC: CVE-2016-10033

wordpress docker

PoC: exploit-CVE-2016-10033

PHPMailer < 5.2.18 Remote Code Execution

PoC: cve-2016-10033

cve-2016-10033

PoC: CVE-2016-10033

WordPress 4.6 - Remote Code Execution (RCE) PoC Exploit
