21 January 2017,
Organic Traffic

PHPMailer, one of the most popular open source PHP libraries in use today, has run into problems of its own as Polish security researcher Dawid Golunski of Legal Hackers has discovered a critical vulnerability that leaves it susceptible to remote exploits.

How You Are Helping Hackers Steal Your Data

How You Are Helping Hackers Steal Your Data

We know hackers are all around us, and that's why we are extra paranoid about our online accounts…Read more

Specifics of the vulnerability in question (CVE-2016-10033) have yet to be revealed as Golunski is withholding technical details about the flaw due to how prevalent PHPMailer is.

Golunski did reveal the nature of the flaw though, and it appears that the flaw would allow an attacker to execute arbitrary code remotely in the context of the web server. This would then compromise the target web application.

security noticessecurity notices

In order to exploit this particular vulnerability, the attacker would target website components that send out emails with the help of a vulnerable version of the PHPMailer class. Such components include things like contact or feedback forms, registration forms, password email resets and many others.

Fortunately, Golunski has since reported this vulnerability to the developers of PHPMailer, and the developers have since patched said vulnerability with PHPMailer 5.2.18. As all version of PHPMailer prior to 5.2.18 are affected by this vulnerability, web administrators, and developers should update their PHPMailer as soon as possible.

security versionsecurity version

Source: The Hacker News

10 PHP Frameworks For Developers – Best Of

10 PHP Frameworks For Developers – Best Of

PHP, known as the most popular server-side scripting language in the world, has evolved a lot since the…Read more

Powered by WPeMatico

Buy Organic Traffic

Comments are closed.