Critical flaw in PHPMailer puts millions of sites at risk

PHPMailer < 5.2.18 - Remote Code Execution CVE-2016-10033

PHPMailer is a real classic email-sending tool written in PHP, and it is used by tons of websites across the internet; at a rough guess, about 9 million of them. And guess what the most fun part is 😈? A newly found vulnerability in PHPMailer version 5.2.18.

This vulnerability affects sites running PHPMailer and allows a hacker to execute system commands and take complete control of the target's website.

– Discovered by: Dawid Golunski
– dawid[at]

– CVE-2016-10045
– Release date: 27.12.2016
– Last revision: 28.12.2016
– Revision 3.0
– Severity: Critical

Exploit :-


“PHPMailer continues to be the world’s most popular transport class, with an
estimated 9 million users worldwide. Downloads continue at a significant
pace daily.”
“Probably the world’s most popular code for sending email from PHP!
Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii,
Joomla! and many more”


More information regarding this vulnerability can be found on the original site over here:-


How to Fix this:-

A fix for this issue has been released, and the best practice is to update the PHPMailer on your site.

