Test ID:	1.3.6.1.4.1.25623.1.0.809773
Category:	Web application abuses
Title:	SwiftMailer RCE Vulnerability
Summary:	SwiftMailer is prone to a remote code execution (RCE) vulnerability.
Description:	Summary: SwiftMailer is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The flaw exists due to: PHPMailer uses the Sender variable to build the params string. The validation is done using the RFC 3696 specification, which can allow emails to contain spaces when it has double quote. Vulnerability Impact: Successfully exploiting this issue allows an remote attacker to execute arbitrary code in the context of the web server and compromise the target web application. Affected Software/OS: SwiftMailer prior to version 5.4.5. Solution: Upgrade to SwiftMailer version 5.4.5 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10074 BugTraq ID: 95140 http://www.securityfocus.com/bid/95140 Debian Security Information: DSA-3769 (Google Search) http://www.debian.org/security/2017/dsa-3769 https://www.exploit-db.com/exploits/40972/ https://www.exploit-db.com/exploits/40986/ https://www.exploit-db.com/exploits/42221/ http://seclists.org/fulldisclosure/2016/Dec/86 http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.