[Vtigercrm-developers] PHPMailer Sendmail Exploit
Stefan Warnat
ich at stefanwarnat.de
Mon Dec 26 17:50:26 GMT 2016
Hi,
I know some users of VtigerCRM did modify the PHPMailer class of Vtiger to
not use SMTP, but Sendmail.
Please read this and check if your clients are using Sendmail delivery
method:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
I backported the required changes to the used PHPMailer version in VtigerCRM,
because it was a much faster solution than to check everything is working
with the latest version of PHPMailer.
See here, what you need to change:
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/130/diffs
Or here to download the complete modified file:
http://code.vtiger.com/stefanwarnat/vtigercrm/blob/35d1f2326899a11ea2e2dde7fe70a262d26a45f6/modules/Emails/class.phpmailer.php
Compatible from 6.0 up to 7.0 Alpha.
Stefan