forum.coppermine-gallery.net

Support => cpg1.5.x Support => cpg1.5 email => Topic started by: jsalmeron on January 05, 2017, 09:38:44 am

Title: PHPMailer security issue
Post by: jsalmeron on January 05, 2017, 09:38:44 am

On 25.12.2016 a security issue (CVE-2016-10033) was found in the PHPMailer component for versions lower than 5.20. It seems you are using a lower version of PHPMailer in https://github.com/coppermine-gallery/cpg1.6.x/blob/develop/include/mailer.inc.php, could you confirm if the application is vulnerable?

More info: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

Title: Re: PHPMailer security issue
Post by: ron4mac on January 05, 2017, 01:38:08 pm

It is possible that the application could be vulnerable to this issue if the site owner has certain options set. The possible vulnerability will be addressed as soon as possible.