Skip to main content

Posts

Showing posts with the label PHPMailer Hacking prevent

How to Prevent your website to hack with PHPMailer library

The vulnerability could allow attackers execute arbitrary shell commands on web servers A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking. The flaw  was found  by a security researcher named Dawid Golunski and an initial fix was included in PHPMailer 5.2.18, which was  released on 28 Dec 2016 . However, it turns out that the patch was incomplete and  can be bypassed . The PHPMailer library is used directly or indirectly by many content management systems (CMSs) including WordPress, Joomla and Drupal. Where the library is not included in their core code, it is likely available as a separate module or can be bundled with third-party add-ons. Because of this, the flaw's impact can vary from website to website. For example, the Joomla security team determined that the Joomla JMail class, which relies on PHPMailer, has additional validations ...