1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Vulnerability in PHPMailer.

Discussion in 'Web Design' started by Vapys, Dec 27, 2016.

  1. Vapys

    Vapys Regular Member

    Joined:
    Aug 17, 2016
    Messages:
    291
    Likes Received:
    138
    Copy and paste from WordFence..

    We're publishing an unscheduled post this afternoon about a vulnerability in PHPMailer that emerged within the past 24 hours. This will have a wide impact on the PHP ecosystem, including on WordPress core.

    About 24 hours ago the existence of a remote code execution vulnerability in PHPMailer was published by a researcher. They did not release a proof-of-concept. Since then a proof of concept has been made public a few hours ago and developers are scrambling to release patches to their customers, including the WordPress core team.

    We have published full details on our blog with links to discussion and resources, including what to do if you are a WordPress user or a PHP developer....


    Regards,



    Mark Maunder
    Wordfence Founder & CEO
     
  2. Sam Green

    Sam Green Junior Member

    Joined:
    Dec 15, 2016
    Messages:
    134
    Likes Received:
    30
    another day another vulnerability in a widely used PHP application...
     
  3. nikchaing

    nikchaing Jr. VIP Jr. VIP UnGagged Attendee

    Joined:
    Apr 24, 2013
    Messages:
    1,114
    Likes Received:
    2,186
    Location:
    Florida
    yea seriously, if it's not one thing it's another
     
  4. tasburrfoot

    tasburrfoot Regular Member

    Joined:
    Dec 16, 2008
    Messages:
    323
    Likes Received:
    152
    It's a pretty bad design flaw, but end users should be validating input anyways, so this exploit really shouldn't do much damage.