vulnerability context

CVE-2016-10034

CVSS 9.8 CRITICALEPSS 98%CWE-77

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.

Published 2016-12-30 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.8 / CRITICAL
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 98% percentile (score 0.3844)
CWE: CWE-77
OTX pulses: 0 total, 0 recent

View on NVD → · cve.org

source mentions 1

[CyberHub] 📌 CVE-2016-10034 - The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6...Bluesky:@cyberhub.blog · 1h ago

source consensus

Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2016-10034, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →