SwiftMailer Exploit Remote Code Exec


New Member
Hi guys, I got some news from https://legalhackers[dot]com about a remote code execution exploit in SwiftMailer & PHPMailer.


May I know which version of SwiftMailer is used in mailwizz? And does the existing patch fix this security issue?

  1. SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) [unpatched]
  2. PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045) (0day Patch Bypass/Exploit)
  3. PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)



Staff member
@Topan / @daemon / @frm.mwz - As far as I can see, this cannot affect mailwizz because of the checks we do before we actually pass the params to the swiftmailer / phpmailer, so you should be safe.
Anyway, I will be upgrading the libraries today and issue an update, just to make sure we're all good.


Staff member
As I said, mailwizz is safe from this exploit, which is why I didn't hurry an update just yet. I will make time to issue one and you'll see it in the announcements area.