View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-10033 medium priority: Ubuntu including 1 source packages (libphp-phpmailer), 16 status rows across 16 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, precise, trusty, upstream, xenial, yakkety, zesty): not-affected 11, ignored 2, released 2, DNE 1.
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.