SwiftMailer Exploit Remote Code Exec

[Topan]

Hi guys, i got some news from https://legalhackers[dot]com
about SwiftMailer & PHP Mailer was Exploit Remote Code Exec.

https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html

May i know which version is used SwiftMailer in this mailwizz What version? whether the existing patch fixes for security reason?

1. SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) [unpatched]
2. PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045) (0day Patch Bypass/Exploit)
3. PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)

Thanks,

 

[frm.mwz]

feel free to PM me to get it fixed

 

[Topan]

feel free to PM me to get it fixed

okay i got it

 

[daemon]

Is a critical vulnerability !

 

[twisted1919]

@Topan / @daemon / @frm.mwz - As far as i can see, this cannot affect mailwizz because of the checks we do before we actually pass the params to the swiftmailer / phpmailer, so you should be safe.
Anyway, i will be upgrading the libraries today and issue an update, just to make sure we're all good.

 

[Topan]

@Topan / @daemon / @frm.mwz - As far as i can see, this cannot affect mailwizz because of the checks we do before we actually pass the params to the swiftmailer / phpmailer, so you should be safe.
Anyway, i will be upgrading the libraries today and issue an update, just to make sure we're all good.

Thanks Sir for your kindness.

 

[frm.mwz]

will be upgrading the libraries today and issue an update

Could not find this update, please post latest link. Thx

 

[daemon]

Is there a patch yet to fix a library?

 

[twisted1919]

As i said, mailwizz is safe of this exploit that is why i didn't hurry an update just yet, will make time to issue one and you'll see it in the announcements area.