smtpd icon indicating copy to clipboard operation
smtpd copied to clipboard
verified publisher icon TheFox

Upgrade phpMailer to v5.2.27 due to Security issue

Open TheFox opened this issue 5 years ago • 0 comments

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment() and other functions that may receive unfiltered local paths, possibly leading to RCE.

See https://knasmueller.net/5-answers-about-php-phar-exploitation?cookie-state-change=1583482795465

TheFox avatar Mar 06 '20 08:03 TheFox