SwiftMailer Exploit Remote Code Exec

Topan

New Member
Hi guys, I got some news from https://legalhackers[dot]com
about a SwiftMailer & PHPMailer Remote Code Execution exploit.

https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html

May I know which version of SwiftMailer is used in this MailWizz? And does the existing patch fix this security issue?

  1. SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) [unpatched]
  2. PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045) (0day Patch Bypass/Exploit)
  3. PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)

Thanks,
 

twisted1919

Administrator
Staff member
@Topan / @daemon / @frm.mwz - As far as I can see, this cannot affect MailWizz because of the checks we do before we actually pass the params to swiftmailer / phpmailer, so you should be safe.
Anyway, I will be upgrading the libraries today and will issue an update, just to make sure we're all good.
 

twisted1919

Administrator
Staff member
As I said, MailWizz is safe from this exploit, which is why I didn't hurry an update just yet. I will make time to issue one and you'll see it in the announcements area.
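
Added example, not part of the thread and not MailWizz's actual checks: the CVEs listed above involve the sender address being passed on to the sendmail command line, so one kind of pre-check an application can run before handing an address to SwiftMailer or PHPMailer is a strict allow-list validation. The function name and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example: not MailWizz, SwiftMailer or PHPMailer code.
// is_safe_envelope_sender() is a hypothetical helper name.

/**
 * Allow-list check for an address that will be used as From / Sender /
 * Return-Path. Deliberately stricter than RFC 5322: quoted local parts,
 * whitespace and a leading "-" are all refused, because the value can end
 * up as an argument on the sendmail command line.
 */
function is_safe_envelope_sender(string $address): bool
{
    // No control characters, spaces or DEL anywhere in the value.
    if ($address === '' || strlen($address) > 254
        || preg_match('/[\x00-\x20\x7f]/', $address)) {
        return false;
    }
    // Exactly one "@" so local part and domain are unambiguous.
    if (substr_count($address, '@') !== 1) {
        return false;
    }
    [$local, $domain] = explode('@', $address);
    // Local part: plain dot-atom subset, must not start with "-" or ".".
    if (!preg_match('/^[A-Za-z0-9_+][A-Za-z0-9._+-]{0,63}$/D', $local)) {
        return false;
    }
    // Domain: letter-digit-hyphen labels ending in an alphabetic TLD.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    if (!preg_match('/^(?:' . $label . '\.)+[A-Za-z]{2,63}$/D', $domain)) {
        return false;
    }
    // Final cross-check with PHP's built-in validator.
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample inputs (not taken from the advisories).
$samples = [
    'newsletter@example.com',
    'bounce+list42@mail.example.org',
    '"quoted local"@example.com',   // quoted local part with a space
    '-leading.dash@example.com',    // could be read as an option
    "user@example.com\nextra",      // embedded line break
    'two@at@example.com',
];
foreach ($samples as $s) {
    printf("%-32s %s\n", json_encode($s), is_safe_envelope_sender($s) ? 'accept' : 'reject');
}
```

A check like this complements upgrading the libraries to patched releases; it does not replace the upgrade.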
 