Full Disclosure mailing list archives

Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033]

From: Luigi Rosa <lists () luigirosa com>
Date: Tue, 27 Dec 2016 11:22:44 +0100

Dawid Golunski wrote on 26/12/2016 03:31:

Patching:
Responsibly disclosed to PHPMailer team.
They've released a critical security release.
If you are using an affected release update to the 5.2.18 security
release as advised at:
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md

Am I wrong or the vulnerability only applies if you use the sendmail method tosend messages and does not apply if you use SMTP on port 25?

I have patched all my PHPMailer installation yesterday, I am asking this onlyfor personal curiosity.


Thank you

--


Ciao,
luigi

/
+--[Luigi Rosa]--
\

http://127.0.0.1
Error 404: No One Home

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Luigi Rosa (Dec 27)