PHPMailer CVE-2016-10033
Hi,
PHPMailer CVE-2016-10033 (Critical)
legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
-
Is there any way to find which applications on the server are affected by this vulnerability, to shut them down until a patch is provided? 0 -
The following link will provide you with a variety of results that may be applicable to your installed applications: "how do i find out if i use phpmailer - Google Search". You may be able to extrapolate some common code and use it to grep your hosting folders (don't forget that some applications/files may be stored outside of the web root). 0 -
find /home/ -name 'class.phpmailer.php' -print -exec grep -ni '%s["'\''], $this->Sender' {} \;
Could be a starting point or command for finding vulnerable files and lines of code: gist.github.com/cebe/d0f5631b432c520a2e6f6be8beddf1160 -
This exploit looks too easy to trigger, I'd guess it's weaponized already! FYI the file names change between different scripts, for example:
class-phpmailer.php => wordpress
phpmailer.php => Joomla
class.phpmailer.php => whmcs
So just looking for a filename is not a good solution. Took us 2 hours to cut together, test and deploy a script that updated phpmailer on all clients' sites... get your scripting heads on dudes! 0 -
Took us 2 hours to cut together, test and deploy a script that updated phpmailer on all clients' sites... get your scripting heads on dudes!
Care to share this script? 0 -
Another critical security update: If you patched or updated to 5.2.18 to fix CVE-2016-10033, you should update again to at least 5.2.20 to address CVE-2016-10045. This advisory is rated CRITICAL and Patch Now. 0 -
Hi all, With the recent announcement of new critical PHP vulnerabilities (namely PHPMailer - CVE-2016-10033), is there anything particular needing to be carried out on WHM servers to keep them safe from bots/hackers looking to take advantage of this? I saw this on my Twitter feed: 0 -
PHPMailer is a script used by many PHP applications. Joomla, WordPress and WHMCS are all examples of scripts that use it in one form or another. As such, the vulnerability/exploit is not confined to cPanel servers, but rather to any server that hosts a PHP application containing the unpatched code. Some application packages like WHMCS have already issued patches in the form of updates, others are advising us that their particular implementation of the phpmailer class is not vulnerable, whilst others recommend one carefully checks any add-ons or 3rd party modules for their own updates. If you are worried about your applications, you can patch the file manually, either from the diffs, or by replacing it with up-to-date files from "GitHub - PHPMailer/PHPMailer: The classic email sending library for PHP". Remember this is not just an isolated case, it highlights the importance of being ever vigilant, and ensuring that all scripts that run on your server are patched to the latest version, and that any that are no longer supported and have been abandoned by their developers are either sandboxed or preferably deleted. 0 -
Hello, I'd like to clarify for anyone browsing this thread for the first time that this vulnerability does not affect the cPanel/WHM product itself. It's specifically related to the PHPMailer class, which is not included in cPanel/WHM. That said, some third-party applications offered as cPAddons (e.g. WordPress) do include PHPMailer and may be vulnerable to CVE-2016-10045. It is recommended that any and all PHPMailer class installations are updated to a minimum of version 5.2.20. This is outlined in the following third-party links:
Critical security update: PHPMailer 5.2.20 (CVE-2016-10045) - SANS Internet Storm Center
About the CVE 2016 10033 and CVE 2016 10045 vulnerabilities · PHPMailer/PHPMailer Wiki · GitHub
Thank you. 0
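An added example, not code from any poster in this thread: a shell inventory that finds PHPMailer copies by their class declaration rather than by filename (the names vary per application, as noted above) and compares each copy's `$Version` property with 5.2.20, the minimum recommended above. It assumes the 5.2.x layout in which the class file declares `public $Version = '...'`; the function names and the OK/OUTDATED/UNKNOWN labels are made up for this example.

```sh
#!/bin/sh
# Added example: inventory PHPMailer copies by content, not by filename.
MIN_VERSION="5.2.20"   # minimum version recommended in the thread

# Print the value of the $Version property declared in file $1, if any.
# Assumption: the copy declares  public $Version = 'x.y.z';  (or "var" in old copies).
phpmailer_version() {
    sed -n -E 's/^[[:space:]]*(public|var)[[:space:]]+\$Version[[:space:]]*=[[:space:]]*["'\'']([0-9][0-9A-Za-z.-]*)["'\''].*/\2/p' "$1" | head -n 1
}

# Succeed (exit 0) when dotted version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Walk directory $1 and print one tab-separated line per PHPMailer copy:
#   STATUS <tab> version <tab> path
scan_phpmailer() {
    grep -rlE --include='*.php' \
        '^[[:space:]]*class[[:space:]]+PHPMailer([^A-Za-z0-9_]|$)' "$1" 2>/dev/null |
    while IFS= read -r f; do
        v=$(phpmailer_version "$f")
        if [ -z "$v" ]; then
            printf 'UNKNOWN\t-\t%s\n' "$f"       # class found, version not parsed
        elif version_lt "$v" "$MIN_VERSION"; then
            printf 'OUTDATED\t%s\t%s\n' "$v" "$f"
        else
            printf 'OK\t%s\t%s\n' "$v" "$f"
        fi
    done
}

# Run against a directory when one is given, e.g.:  sh scan.sh /home
if [ "$#" -gt 0 ]; then
    scan_phpmailer "$1"
fi
```

UNKNOWN rows are copies whose version line was not recognised and need a manual look. Remember to point the scan at any application directories outside /home as well.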