Full Disclosure mailing list archives
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]
From: Luigi Rosa <lists () luigirosa com>
Date: Tue, 27 Dec 2016 11:22:44 +0100
Dawid Golunski wrote on 26/12/2016 03:31:
Patching: Responsibly disclosed to PHPMailer team. They've released a critical security release. If you are using an affected release update to the 5.2.18 security release as advised at: https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
Am I wrong or the vulnerability only applies if you use the sendmail method to send messages and does not apply if you use SMTP on port 25?
I have patched all my PHPMailer installation yesterday, I am asking this only for personal curiosity.
Thank you -- Ciao, luigi / +--[Luigi Rosa]-- \ http://127.0.0.1 Error 404: No One Home _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Luigi Rosa (Dec 27)