PHPMailer Security Issue

Hi guys,

Is everyone aware of this issue with PHPMailer? A lot of people use their code, and this is a high-risk vulnerability.

Please be aware.

CVE-2016-10045

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

Not sure why Yii is mentioned there. We’re not using PHPMailer.

Some people are, I guess.

Mostly Yii 1.x people, perhaps.

Bad news, SwiftMailer is vulnerable as well.

https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html

Looks like as long as we validate the email address properly (like using EmailValidator), we are safe.

See for more details: