phpmailer CVE-2016-10033

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author edward_plainview

    (@edward_plainview)

    The PHPmailer class in the Activity Monitor is never used, but I’ve updated the class and uploaded a new version of the monitor.

    Thread Starter az6667

    (@az6667)

    Thankyou for your attention to this, it is appreciated.

    Please be advised, however, that the patch for CVE-2016-10033 included in PHPMailer v5.2.18 seems to have introduced another vulnerability ?? (CVE-2016-10045)

    Since, as you say, Plainview doesn’t make use of PHPMailer, I expect the exposure is low.
    However, you can expect a new release, e.g. 5.2.20 at some point in the near future, to address the new vuln.

    Thread Starter az6667

    (@az6667)

    I can confirm that PHPMailer v5.2.21 has been released via github.

    This version patches both the 10033 and 10045 vulnerabilities.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘phpmailer CVE-2016-10033’ is closed to new replies.

Tags