PHPMailer < 5.2.20 Remote Code Execution (0day Patch Bypass/exploit)
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html [legalhackers.com]
2016-12-29 07:13
First fix didn’t take. Shell quoting is hard. Just don’t.
Previously: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
Also: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html