PHPMailer Powered – Use It, But Also Remember to Update It

At the end of last year, a critical vulnerability in PHPMailer that affected millions of websites – CVE-2016-10033 –  was discovered by Polish security researcher Dawid. This vulnerability allows an attacker to compromise the target’s web application by executing remote code on the vulnerable web server.
There are numerous open source web applications that use PHPMailer as their main library for sending emails, including WordPress, Joomla, Yii, SugarCRM…
More than a month after PHPMailer released a patch for this critical…

Source: Security Bloggers Network @ February 17, 2017 at 03:21AM