CVE - 2016-10033 (PHPMailer) / Remote Code Execution (RCE)
Version - PHPMailer < 5.2.18
Solution
1- Update to 5.2.18 [2]
POC
[1]: https://www.exploit-db.com/exploits/40968/
Ref
[1]: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
[2]: https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md