vulnerability in phpmailer
Category : Security
Published by phppp on 14-Jun-2007 12:37
A vulnerability is reported in PHPMailer, which can be exploited by malicious people to compromise a vulnerable system if Sendmail method is enabled.
Although the issue is not critical in XOOPS environment, we would suggest to switch to other methods than Sendmail, or to download quick fixes:
fix for XOOPS 2.0*
fix for XOOPS 2.2*
Note: official response and solutions are still being waited from phpmailer development group, and will be released in XOOPS 2.017 and XOOPS 2.25
Thank GIJOE, irmtfan, vaughan etc for reporting and solutions.
Although the issue is not critical in XOOPS environment, we would suggest to switch to other methods than Sendmail, or to download quick fixes:
fix for XOOPS 2.0*
fix for XOOPS 2.2*
Note: official response and solutions are still being waited from phpmailer development group, and will be released in XOOPS 2.017 and XOOPS 2.25
Thank GIJOE, irmtfan, vaughan etc for reporting and solutions.