QwikSec

Security Database

CVE

CWE

Training

CVE-2016-10034

Published: Dec 30, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_GENTOO

exploit

x_refsource_EXPLOIT-DB

https://framework.zend.com/security/advisory/ZF2016-04

x_refsource_CONFIRM

https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_SECTRACK

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2016-10034 - Security Vulnerability | QwikSec