Test ID:	1.3.6.1.4.1.25623.1.1.10.2017.0022
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2017-0022)
Summary:	The remote host is missing an update for the 'php-phpmailer' package(s) announced via the MGASA-2017-0022 advisory.
Description:	Summary: The remote host is missing an update for the 'php-phpmailer' package(s) announced via the MGASA-2017-0022 advisory. Vulnerability Insight: It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address (CVE-2016-10033). It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability if content passed to `msgHTML()` was sourced from unfiltered user input (CVE-2017-5223). Affected Software/OS: 'php-phpmailer' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10033 BugTraq ID: 95108 http://www.securityfocus.com/bid/95108 Bugtraq: 20161227 PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] (Google Search) http://www.securityfocus.com/archive/1/539963/100/0/threaded https://www.exploit-db.com/exploits/40968/ https://www.exploit-db.com/exploits/40969/ https://www.exploit-db.com/exploits/40970/ https://www.exploit-db.com/exploits/40974/ https://www.exploit-db.com/exploits/40986/ https://www.exploit-db.com/exploits/41962/ https://www.exploit-db.com/exploits/41996/ https://www.exploit-db.com/exploits/42024/ https://www.exploit-db.com/exploits/42221/ http://seclists.org/fulldisclosure/2016/Dec/78 http://packetstormsecurity.com/files/140291/PHPMailer-Remote-Code-Execution.html http://packetstormsecurity.com/files/140350/PHPMailer-Sendmail-Argument-Injection.html http://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html http://www.securitytracker.com/id/1037533 Common Vulnerability Exposure (CVE) ID: CVE-2017-5223 BugTraq ID: 95328 http://www.securityfocus.com/bid/95328 https://www.exploit-db.com/exploits/43056/ http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/ https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.