Intruder Vulnerability Bulletin — PHPMailer, SwiftMailer & ZendFramework Code Execution Vulnerabilities

David Robinson

A number of vulnerabilities were recently discovered, which affect email sending functionality in the following software libraries:

If successfully exploited, these weaknesses allow a remote attacker to compromise the affected system by executing arbitrary commands.

As with last week’s bulletin about PHPMailer (which is affected once again), it’s worth noting that whether an application using these libraries is vulnerable, and how easy it is to exploit, depends heavily on how the libraries are used in each instance. Information has not currently been released regarding how these vulnerabilities might affect 3rd party software which uses the libraries (e.g. WordPress, Joomla, SugarCRM, 1CRM, Yii, Symfony, Laravel and more).

Software using these libraries should be updated at the next available opportunity. Until the vulnerability is patched within 3rd party software, one workaround is to update the libraries yourself, though we expect to start seeing vendor updates released over the next few days.

Further details of these vulnerabilities can be found at:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html

https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
