Yii Framework Forum: PHPMailer Security Issue - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

PHPMailer Security Issue Rate Topic: -----

#1 User is offline   eestevao 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 15
  • Joined: 05-July 12

Posted 28 December 2016 - 10:51 AM

Hi guys,

Is everyone aware of this issue with PHPMAILER? a lot o people use their code and this is a high risk vulnerability.

Please be aware.
CVE-2016-10045
https://legalhackers...tch-Bypass.html
0

#2 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,184
  • Joined: 17-January 09
  • Location:Russia

Posted 28 December 2016 - 11:21 AM

Not sure why Yii is mentioned there. We're not using PHPMailer.
Yii 2.0 Development Cookbook

Enjoying Yii? Star us at github

Support me so I can work more on Yii: https://www.patreon.com/samdark
0

#3 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 3,694
  • Joined: 10-October 10
  • Location:Denmark

Posted 28 December 2016 - 12:15 PM

Some people are, I guess.
Mostly Yii 1.x people, perhaps.
"Less noise - more signal"
0

#4 User is offline   Bizley 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 922
  • Joined: 29-July 14
  • Location:Wrocław

Posted 28 December 2016 - 03:09 PM

Bad news, SwiftMailer is vulnerable as well.

https://legalhackers...10074-Vuln.html

Looks like as long as we validate email address properly (like using EmailValidator) we are safe.
http://bizley.pl ʕ•ᴥ•ʔ
0

#5 User is offline   CeBe 

  • Advanced Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 567
  • Joined: 16-July 10
  • Location:Berlin. Germany

Posted 28 December 2016 - 06:19 PM

See for more details:

- News: http://www.yiiframew...nd-swiftmailer/
- Forum: http://www.yiiframew...nd-swiftmailer/
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users