From $URL: I. VULNERABILITY ------------------------- PHPMailer < 5.2.18 Remote Code Execution II. BACKGROUND ------------------------- "PHPMailer continues to be the world's most popular transport class, with an estimated 9 million users worldwide. Downloads continue at a significant pace daily." http://phpmailer.worxware.com/ "Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more" https://github.com/PHPMailer/PHPMailer III. INTRODUCTION ------------------------- An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class. Note: This is a limited advisory to give users a chance to urgently update their PHPMailer class before disclosing the details. Details of this vulnerability will be published shortly. IV. DESCRIPTION ------------------------- To be released V. PROOF OF CONCEPT EXPLOIT ------------------------- The researcher has developed a working RCE PoC exploit. The exploit will be published at a later date. The researcher also developed an Unauthenticated RCE exploit for a popular open-source application (deployed on the Internet on more than a million servers) as a PoC for real-world exploitation. It might be published after the vendor has fixed the vulnerabilities. Video PoC: ~~~~~~~~~~~~~ https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html VI. BUSINESS IMPACT ------------------------- A successful exploitation could let remote attackers to gain access to the target server in the context of the web server account which could lead to a full compromise of the web application. VII. SYSTEMS AFFECTED ------------------------- All versions of PHPMailer before the critical release of 5.2.18 are affected. VIII. SOLUTION ------------------------- The vulnerability was responsibly disclosed to PHPMailer vendor. The vendor released a critical security release of PHPMailer 5.2.18 to fix the issue as notified at: https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md CVE MITRE assigned the following ID to this vulnerability: CVE-2016-10033
@ Maintainer(s): Please bump to >=dev-php/PHPMailer-5.2.19. You can cleanup immediately because package isn't stable.
New version added, old version removed in f199e0f.
tree is clean.