Live Helper Chat support forum.. Forum is locked. New place for questions - Github Discussions
You are not logged in.
- Topics: Active | Unanswered
Announcement
#1 2016-12-28 07:32:46
- speed4trade
- Member
- Registered: 2016-12-28
- Posts: 2
CVE-2016-10033 vulnerable PHPMailer used (version 5.0.2)
Hello,
a vulnerability has been detected in PHPMailer below version 5.2.18 which will allow remote code execution.
For details see:
https://legalhackers.com/advisories/PHP … -Vuln.html
Is it planned to update the used PHPMailer in version 5.0.2 to a current version which fixes the vulnerability?
Thank you in advance!
Tom
Offline
#2 2016-12-28 07:35:04
- remdex
- Administrator
- From: Lithuania
- Registered: 2012-09-23
- Posts: 3,661
- Website
Re: CVE-2016-10033 vulnerable PHPMailer used (version 5.0.2)
Yes, i'll update this evening. It's little risk in lhc itself, because sender is set only from back office as admin user.
Offline
#3 2016-12-28 07:48:43
- speed4trade
- Member
- Registered: 2016-12-28
- Posts: 2
Re: CVE-2016-10033 vulnerable PHPMailer used (version 5.0.2)
ok, thank you for this information. I just read that the first fix is also buggy and resulted in a new CVE:
https://legalhackers.com/advisories/PHP … ypass.html
Maybe it is good to wait till a final fix is available.
Offline
#4 2016-12-28 12:53:54
- remdex
- Administrator
- From: Lithuania
- Registered: 2012-09-23
- Posts: 3,661
- Website
Re: CVE-2016-10033 vulnerable PHPMailer used (version 5.0.2)
Fixed as stated here
https://github.com/LiveHelperChat/liveh … issues/951
Offline