Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: PHPMailer security issue  (Read 2792 times)

0 Members and 1 Guest are viewing this topic.

jsalmeron

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
PHPMailer security issue
« on: January 05, 2017, 09:38:44 am »

On 25.12.2016 a security issue (CVE-2016-10033) was found in the PHPMailer component for versions lower than 5.20. It seems you are using a lower version of PHPMailer in https://github.com/coppermine-gallery/cpg1.6.x/blob/develop/include/mailer.inc.php, could you confirm if the application is vulnerable?

More info: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
Logged

ron4mac

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Posts: 1086
Re: PHPMailer security issue
« Reply #1 on: January 05, 2017, 01:38:08 pm »

It is possible that the application could be vulnerable to this issue if the site owner has certain options set. The possible vulnerability will be addressed as soon as possible.
Logged
Pages: [1]   Go Up
 

Page created in 0.014 seconds with 20 queries.