View Issue Details

IDProjectCategoryView StatusLast Update
0018471phplist applicationSecuritypublic09-05-17 21:14
Reporterjsalmeron 
PriorityurgentSeveritymajorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version3.3.1 
Summary0018471: PHPMailer Security Issue
DescriptionAccording to https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html, there is a security issue in PHPMailer < 5.2.20. In PHPList 3.2.6 I see that the bundled PHPMailer version is 5.2.14, so in principle PHPList could be potentially vulnerable.

Therefore, PHPList should update PHPMailer to the 5.2.20 or higher.
TagsNo tags attached.

Activities

There are no notes attached to this issue.