PatchSiren

PHP CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited PHP CVE published 2025-07-07

CVE-2016-10033

CVE-2016-10033 is a command injection vulnerability in PHPMailer, an open-source PHP mail component. CISA lists it in the Known Exploited Vulnerabilities (KEV) catalog, which means affected environments should treat it as a high-priority remediation item. The supplied CISA metadata sets the mitigation due date to 2025-07-28.