Posted by Dawid Golunski on Dec 27

PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
(CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Desc:

I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is possible to bypass the currently available
patch.

This was reported responsibly to the vendor & assigned a CVEID on the
26th of December.
The vendor…