PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes.
70cf2a666368f1670d184b2da81850b9fd8aabe74acc4c71858fb6c372248cc8
This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.
a6480837acf975f49749549e06ab31dc5538b6276d390b38aa0f7a89e63148d0
PHPMailer versions prior to 5.2.20 zero day remote code execution exploit. This bypasses the CVE-2016-10033 patch.
773582183b0cfc6f38ae24f52f7dfb831cd2f3410287245bc6daea84d4d8db83