Intruder Vulnerability Bulletin — PHPMailer Code Execution Vulnerability

David Robinson

A vulnerability was recently discovered in the PHPMailer library, affecting versions of the software before 5.2.18.

If successfully exploited, this weakness allows a remote attacker to compromise the affected system by executing arbitrary commands.

It’s worth noting that whether an application using the library is vulnerable, and how easy it is to exploit, depends heavily on how the library is used in each instance. No information has yet been released on how this vulnerability might affect third-party software which uses the library (e.g. WordPress, Joomla, SugarCRM, 1CRM, Yii, and more).

Software using the PHPMailer library should be updated at the next available opportunity. Until the vulnerability is patched within third-party software, one workaround is to update the library yourself (e.g. updating the “/libraries/vendor/phpmailer/” directory in Joomla), though we expect to start seeing vendor updates released over the next few days.

Further details of this vulnerability can be found at:

http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
