{"id":"ALPINE-CVE-2016-10033","details":"The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \\\" (backslash double quote) in a crafted Sender property.","modified":"2025-11-19T05:59:27.267599Z","published":"2016-12-30T19:59:00.137Z","upstream":["CVE-2016-10033"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2016-10033"}],"affected":[{"package":{"name":"php-phpmailer","ecosystem":"Alpine:v3.2","purl":"pkg:apk/alpine/php-phpmailer?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.4-r0"}]}],"versions":["5.2.0-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2016-10033.json"}},{"package":{"name":"php-phpmailer","ecosystem":"Alpine:v3.3","purl":"pkg:apk/alpine/php-phpmailer?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.4-r0"}]}],"versions":["5.2.0-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2016-10033.json"}},{"package":{"name":"php5-phpmailer","ecosystem":"Alpine:v3.4","purl":"pkg:apk/alpine/php5-phpmailer?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.0-r1"}]}],"versions":["5.2.0-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2016-10033.json"}},{"package":{"name":"php5-phpmailer","ecosystem":"Alpine:v3.5","purl":"pkg:apk/alpine/php5-phpmailer?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.4-r1"}]}],"versions":["5.2.0-r0","5.2.4-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2016-10033.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}