Hi guys,
Is everyone aware of this issue with PHPMAILER? a lot o people use their code and this is a high risk vulnerability.
Please be aware.
CVE-2016-10045
Hi guys,
Is everyone aware of this issue with PHPMAILER? a lot o people use their code and this is a high risk vulnerability.
Please be aware.
CVE-2016-10045
Not sure why Yii is mentioned there. We’re not using PHPMailer.
Some people are, I guess.
Mostly Yii 1.x people, perhaps.
Bad news, SwiftMailer is vulnerable as well.
https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
Looks like as long as we validate email address properly (like using EmailValidator) we are safe.