Security Alert (A16-12-07): Vulnerability in PHPMailer


 

Published on: 28 December 2016

  
  

Description:

A vulnerability is found in the PHPMailer plugin that could lead to remote arbitrary code execution. A remote attacker could exploit the vulnerability by sending specially crafted form data.

 

Affected Systems:

  • Joomla CMS version 1.6.0 through 3.6.5
  • Drupal version 6.x to 7.x
  • WordPress version 4.7 and earlier
  • Other PHP applications using PHPMailer with version prior to 5.2.20.

 

Impact:

A successful attack could lead to remote arbitrary code execution and compromise the web application on the affected system.

 

Recommendation:

The PHPMailer version 5.2.20 has been released to address the issue. Users of affected systems should follow the recommendations provided by the application vendors to take immediate actions to mitigate the risk.

 

More Information:

https://www.drupal.org/psa-2016-004
https://developer.joomla.org/security-centre.html
https://wordpress.org/support/topic/security-urgent-critical-php-mailer-vulnerability/
https://www.hkcert.org/my_url/en/alert/16122801 



Tag: Joomla , Drupal , WordPress , PHPMailer
Tags