Wednesday, December 28, 2016

PHPMailer Security Bug

Tom Spring:

A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.


Golunski says the Sendemail validation is done using the RFC 3696 specification that in some circumstances allows hackers to add quotes and characters within an email address. When unverified, those quotes and characters can be interpreted as command line arguments that create the remote code execution vulnerability in PHPMailer.

As soon as I read about this, I started seeing 404s for PHPMailer in my Apache logs. So it seems that hackers are already probing to find sites that have it installed.

Update (2017-01-04): Kenn White:

Oh this will be particularly nasty, particularly since the majority of (tens of millions of?) site owners don’t know they’re running it.

Comments RSS · Twitter

Leave a Comment