Forum² Admin AWS Posted December 27, 2016

Many of us use WordPress alongside the forum software of choice. I just saw this pop up on Hack News a couple hours ago.

A critical vulnerability has been discovered in PHPMailer, which is one of the most popular open source PHP libraries to send emails, used by more than 9 million users worldwide.

Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, come with the PHPMailer library for sending emails to their users using a variety of methods, including SMTP.

Discovered by Polish security researcher Dawid Golunski of Legal Hackers, the critical vulnerability (CVE-2016-10033) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application.

"To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today.

Golunski responsibly reported the vulnerability to the developers, who have patched the vulnerability in their new release, PHPMailer 5.2.18.

I'm sure WordPress will have a fix out soon. Since I am proactive I used the fix supplied in the WordPress Codex.
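To find which copies of PHPMailer on a server predate the 5.2.18 release named above, the following added example (not from the post, PHPMailer, or WordPress) walks a web root and reads each copy's declared version. It assumes the PHPMailer 5.x file names `class.phpmailer.php` and `class-phpmailer.php` and the `public $Version = '...'` property; the directory tree it scans is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (5, 2, 18)  # release the post names as carrying the fix
# PHPMailer 5.x declares its release as a property: public $Version = '5.2.17';
VERSION_RE = re.compile(r"""\$Version\s*=\s*['"](\d+(?:\.\d+)*)['"]""")
# Assumed file names: standalone PHPMailer 5.x and the copy bundled with WordPress.
CANDIDATES = {"class.phpmailer.php", "class-phpmailer.php"}


def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def scan(root, patched=PATCHED):
    """Return (relative path, version, status) for each PHPMailer copy under root."""
    results = []
    for path in sorted(Path(root).rglob("*.php")):
        if path.name.lower() not in CANDIDATES:
            continue
        version = parse_version(path.read_text(errors="replace"))
        if version is None:
            status = "unknown"  # no version string found: inspect by hand
        else:
            status = "vulnerable" if version < patched else "patched"
        results.append((path.relative_to(root).as_posix(), version, status))
    return results


def demo():
    """Scan a constructed directory tree (sample files, not real installs)."""
    samples = {
        "wp-includes/class-phpmailer.php": "public $Version = '5.2.14';",
        "vendor/phpmailer/class.phpmailer.php": 'public $Version = "5.2.18";',
        "plugins/form/lib/class.phpmailer.php": "// version line stripped",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in samples.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("<?php\nclass PHPMailer {\n" + body + "\n}\n")
        return scan(root)


if __name__ == "__main__":
    for rel, version, status in demo():
        print(f"{status:10} {rel} {version}")
```

Call `scan()` on the real web root to catch copies bundled inside plugins and themes as well as the core one; pass a different `patched` tuple if a later advisory raises the fixed release.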