Developers close vulnerability in PHPMailer


Older versions of PHPMailer, the popular PHP library for sending mail from scripts, contain a vulnerability that could allow an attacker to execute code remotely. The developers have fixed the problem in the latest version.

To exploit the PHPMailer vulnerability, tracked as CVE-2016-10033, an attacker only needs to get the web application to send a mail through the vulnerable PHPMailer class, for example via contact, feedback or registration forms, or through password reset emails. The attacker can then execute code remotely with the privileges of the web server user. So writes the Polish security researcher Dawid Golunski of Legal Hackers, who has also developed an exploit. He will publish the exact details at a later date to give administrators time to update their code.

The developers of PHPMailer urge all users to update to version 5.2.18, which resolves the problem. PHPMailer is one of the most widely used PHP libraries and is used by WordPress, Joomla, Drupal, SugarCRM and Mantis, among others. According to BleepingComputer, exploit code developed by third parties has also appeared online.
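A check an administrator might want after reading this: a small script, added here and not taken from the article or from the PHPMailer project, that walks a PHP code base and flags bundled copies of PHPMailer older than 5.2.18. It assumes that PHPMailer's class.phpmailer.php declares its release as `public $Version = '...';`; the sample file contents in the block are constructed.

```python
"""Find PHPMailer copies in a PHP code base that predate the 5.2.18 fix.

Assumption (not from the article): PHPMailer 5.x declares its release in
class.phpmailer.php as  public $Version = '5.2.x';  so the version can be
read from the file text without executing any PHP.
"""
import os
import re
from typing import Iterator, Tuple

FIXED_VERSION = (5, 2, 18)  # release the PHPMailer developers point users to

# Matches e.g.  public $Version = '5.2.14';  (single or double quotes)
VERSION_RE = re.compile(r"\$Version\s*=\s*['\"](\d+(?:\.\d+)*)['\"]")

# Constructed sample of the relevant line in an old class.phpmailer.php
SAMPLE_CLASS_FILE = "class PHPMailer\n{\n    public $Version = '5.2.14';\n}\n"


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the version tuple declared in a PHPMailer source file."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError("no $Version declaration found")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the version is older than 5.2.18 (CVE-2016-10033 unfixed)."""
    return version < FIXED_VERSION


def scan_tree(root: str) -> Iterator[Tuple[str, Tuple[int, ...], bool]]:
    """Yield (path, version, vulnerable) for each PHPMailer class file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "class.phpmailer.php":
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    version = parse_version(fh.read())
                yield path, version, is_vulnerable(version)


if __name__ == "__main__":
    import sys
    sample = parse_version(SAMPLE_CLASS_FILE)
    print("constructed sample:", sample, "vulnerable" if is_vulnerable(sample) else "ok")
    for path, version, vuln in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = "VULNERABLE (older than 5.2.18)" if vuln else "ok"
        print(f"{path}: {'.'.join(map(str, version))} {status}")
```

Run it with the document root of the application as its only argument; every flagged file is a copy that should be replaced by 5.2.18 or later.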
