[Vtigercrm-developers] PHPMailer Sendmail Exploit

Stefan Warnat ich at stefanwarnat.de
Mon Dec 26 17:50:26 GMT 2016


Hi,

I know some users of VtigerCRM have modified the PHPMailer class of Vtiger to
not use SMTP, but Sendmail.

Please read this and check if your clients are using the Sendmail delivery
method:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

I backported the required changes to the PHPMailer version used in VtigerCRM,
because it was a much faster solution than checking that everything works
with the latest version of PHPMailer.

See here, what you need to change:
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/130/diffs

Or here to download the complete modified file:
http://code.vtiger.com/stefanwarnat/vtigercrm/blob/35d1f2326899a11ea2e2dde7fe70a262d26a45f6/modules/Emails/class.phpmailer.php

Compatible from 6.0 up to 7.0 Alpha.

Stefan
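
One way to run the check requested above across an installation, as an added example that is not part of the original post or of the Vtiger or PHPMailer code: it flags PHP lines that select a PHPMailer transport other than SMTP, through the `$Mailer` property or the `isMail()`/`isSendmail()`/`isQmail()` helpers. The names `scan_source` and `scan_tree` and the sample input are constructed for illustration, and hits are leads for manual review (PHPMailer's own class default of `mail` will be reported too).

```python
import re
from pathlib import Path

# PHP method names are case-insensitive; property names are not.
TRANSPORT_CALL = re.compile(r"->\s*is(mail|sendmail|qmail|smtp)\s*\(", re.I)
# Matches assignments such as `$mail->Mailer = 'sendmail';` but not `==` tests.
MAILER_ASSIGN = re.compile(r"\bMailer\s*=\s*['\"](\w+)['\"]")
COMMENT_PREFIXES = ("//", "#", "*", "/*")


def scan_source(text):
    """Return (line_no, transport) for every non-SMTP transport selection."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if code.startswith(COMMENT_PREFIXES):
            continue  # heuristic: only whole-line comments are skipped
        for rx in (TRANSPORT_CALL, MAILER_ASSIGN):
            for m in rx.finditer(code):
                transport = m.group(1).lower()
                if transport != "smtp":
                    findings.append((no, transport))
    return findings


def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for hits."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = scan_source(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


# Constructed sample input, not taken from the Vtiger code base.
SAMPLE = """<?php
$mail = new PHPMailer();
// $mail->IsSendmail();
$mail->IsSMTP();
$mail->Mailer = 'sendmail';
if ($mail->Mailer == 'smtp') { $mail->SMTPAuth = true; }
$other->isMail();
"""

if __name__ == "__main__":
    for line_no, transport in scan_source(SAMPLE):
        print(f"sample:{line_no}: transport set to {transport}")
```

Point `scan_tree()` at the root of the installation to get a per-file list of lines to review.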