PHPMailer security issue
 


Started by jsalmeron, January 05, 2017, 09:38:44 AM


jsalmeron

On 25.12.2016 a security issue (CVE-2016-10033) was found in the PHPMailer component for versions lower than 5.20. It seems you are using a lower version of PHPMailer in https://github.com/coppermine-gallery/cpg1.6.x/blob/develop/include/mailer.inc.php. Could you confirm if the application is vulnerable?

More info: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

ron4mac

It is possible that the application could be vulnerable to this issue if the site owner has certain options set. The possible vulnerability will be addressed as soon as possible.