
PHPMailer Vulnerability

Posted: Mon 18. Jun 2007, 00:21
by Peekay

Posted: Tue 19. Jun 2007, 01:48
by Peekay
If the above advisory is relevant, you should open:

include/inc_ext/phpmailer/class.phpmailer.php

and replace:

Code:

    function SendmailSend($header, $body) {
        if ($this->Sender != "")
            $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
        else
            $sendmail = sprintf("%s -oi -t", $this->Sendmail);

with:

Code:

    function SendmailSend($header, $body) {
        if ($this->Sender != "") {
            $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
        } else {
            $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
        }
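
The following is an added illustration, not code from PHPMailer or from the post above, of why the replacement matters. SendmailSend() hands the assembled command line to popen(), which runs it through /bin/sh, so any shell metacharacters in Sender become part of the command. The script below only builds and prints the command strings for a few constructed Sender values (it never executes sendmail); the function names, the sample addresses and the extra isAcceptableSender() check are assumptions made for this example.

```php
<?php
// Added example (not PHPMailer's own code): compares the command line that
// the unpatched and patched SendmailSend() would build for a given Sender.
// Nothing here runs sendmail; the strings are only constructed and shown.

/** Unpatched construction: Sender is spliced into the shell command verbatim. */
function buildSendmailCmdUnsafe(string $sendmailPath, string $sender): string
{
    if ($sender !== '') {
        return sprintf('%s -oi -f %s -t', $sendmailPath, $sender);
    }
    return sprintf('%s -oi -t', $sendmailPath);
}

/** Patched construction, mirroring the replacement quoted in the thread. */
function buildSendmailCmdSafe(string $sendmailPath, string $sender): string
{
    if ($sender !== '') {
        // escapeshellarg() wraps the value in single quotes, so the shell
        // passes it to sendmail as exactly one argument.
        return sprintf('%s -oi -f %s -t', escapeshellcmd($sendmailPath), escapeshellarg($sender));
    }
    return sprintf('%s -oi -t', escapeshellcmd($sendmailPath));
}

/**
 * Defence in depth (an assumption of this example, not part of the fix):
 * escaping keeps the shell from interpreting the value, but a Sender that is
 * not a plain address should never reach the command line at all. A real
 * address never begins with '-', so such values are rejected as well.
 */
function isAcceptableSender(string $sender): bool
{
    if ($sender === '') {
        return true; // empty Sender simply omits -f
    }
    if ($sender[0] === '-') {
        return false;
    }
    return filter_var($sender, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample inputs for illustration only.
$sendmail = '/usr/sbin/sendmail';
$samples = [
    'alice@example.com',                  // benign address
    'alice@example.com; id > /tmp/out',   // shell metacharacters in Sender
    '-oQ/tmp alice@example.com',          // leading dash, not a valid address
];

foreach ($samples as $sender) {
    echo "Sender:   $sender\n";
    echo "  unsafe: " . buildSendmailCmdUnsafe($sendmail, $sender) . "\n";
    echo "  safe:   " . buildSendmailCmdSafe($sendmail, $sender) . "\n";
    echo "  accept: " . (isAcceptableSender($sender) ? 'yes' : 'no') . "\n\n";
}
```

For the second sample the unsafe string is `/usr/sbin/sendmail -oi -f alice@example.com; id > /tmp/out -t`, which the shell splits at the semicolon into two commands; the safe string is `/usr/sbin/sendmail -oi -f 'alice@example.com; id > /tmp/out' -t`, a single sendmail invocation with an odd but harmless envelope sender. Validating the address before it reaches this code stops the attempt one layer earlier.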

Posted: Fri 7. Sep 2007, 17:25
by 1996 328ti
Just an FYI.
Two of my sites on different servers have been spewing out emails.
My host believes it was because of phpmailer.
I have deleted it entirely since I don't use it.
Hopefully it won't cause any problems.

Posted: Fri 7. Sep 2007, 17:37
by update
This is fixed in trunk 20-08-2007 (don't know about previous versions)
claus