Critical PHPMailer Flaw leaves Millions of Websites Vulnerable

Dec 25 2016: A critical vulnerability has been discovered in PHPMailer, one of the most popular open source PHP libraries for sending email, used by more than 9 million users worldwide.
Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii and Joomla, ship with the PHPMailer library to send email to their users using a variety of methods, including SMTP.

Discovered by Polish security researcher Dawid Golunski of Legal Hackers, the critical vulnerability (CVE-2016-10033) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application.


"To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today.
Golunski responsibly reported the vulnerability to the developers, who have patched the vulnerability in their new release, PHPMailer 5.2.18.

All versions of PHPMailer before the critical release 5.2.18 are affected, so web administrators and developers are strongly advised to update to the patched release.
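Because PHPMailer is so often vendored inside applications and plugins, a single site can carry several copies at different versions. The following added example (not code from the article or from the PHPMailer project) walks a web root, reads the version each copy declares and flags anything below 5.2.18; it assumes the `$Version = '...'` (5.x) and `const VERSION = '...'` (6.x) declaration formats and the file names listed in `CLASS_FILES`, and builds a constructed sample tree for the demo.

```python
import re
import tempfile
from pathlib import Path

# First fixed release, as stated in the advisory above.
PATCHED = (5, 2, 18)

# Version declarations as PHPMailer's source writes them (assumed formats):
#   5.x:  public $Version = '5.2.17';   in class.phpmailer.php
#   6.x:  const VERSION = '6.0.0';       in src/PHPMailer.php
VERSION_RE = re.compile(r"(?:\$Version|const\s+VERSION)\s*=\s*'(\d+(?:\.\d+)*)'")
# Bundled copies are renamed by some projects (WordPress ships class-phpmailer.php).
CLASS_FILES = ("class.phpmailer.php", "class-phpmailer.php", "PHPMailer.php")


def parse_version(source):
    """Return the declared version as a tuple of ints, or None if not found."""
    m = VERSION_RE.search(source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """Numeric compare: (5, 2, 9) < (5, 2, 18); a plain string compare would get this wrong."""
    return version < PATCHED


def scan_tree(root):
    """Return sorted (relative path, dotted version, vulnerable) for every copy under root."""
    root = Path(root)
    found = []
    for name in CLASS_FILES:
        for path in root.rglob(name):
            v = parse_version(path.read_text(errors="replace"))
            if v is not None:
                rel = path.relative_to(root).as_posix()
                found.append((rel, ".".join(map(str, v)), is_vulnerable(v)))
    return sorted(found)


def demo():
    """Constructed sample web root: two stale vendored copies, one patched 5.x, one 6.x."""
    samples = {
        "wp-includes/class-phpmailer.php": "public $Version = '5.2.14';",
        "plugins/contact/phpmailer/class.phpmailer.php": "public $Version = '5.2.9';",
        "vendor/phpmailer/phpmailer/class.phpmailer.php": "public $Version = '5.2.18';",
        "app/src/PHPMailer.php": "const VERSION = '6.0.0';",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            f = Path(tmp, rel)
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("<?php\n" + body + "\n")
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel, ver, vuln in demo():
        print(("VULNERABLE " if vuln else "ok         ") + ver + "  " + rel)
```

Point `scan_tree()` at a real document root to list every bundled copy; a copy reported as vulnerable needs updating (or the bundling application upgrading) even when the site's main install is already on 5.2.18.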

Since The Hacker News is making the first public disclosure of the vulnerability in the news following Golunski's advisory and millions of websites remain unpatched.

For more details please visit the following links:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://twitter.com/search?f=tweets&vertical=default&q=%23PhpMailer
