CVE-2016-10033 · CISA KEV · EPSS p100.0%

CVE-2016-10033: PHPMailer Command Injection Vulnerability

PHP / PHPMailer

Description

PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of the 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Scoring

EPSS: 99.71% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2025-07-07

(incoming) 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| KEVEntry | PHPMailer Command Injection Vulnerability (kev-cve-2016-10033) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: PHPUnit Command Injection Vulnerability
CVE: PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
CVE: CVE-2026-8599
CVE: CVE-2025-67478
CVE: Exim Mail Transfer Agent (MTA) Improper Input Validation
CVE: Roundcube Webmail File Disclosure Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.