Exploit type: Remote Code Execution in third-party PHPMailer library
CVE Numbers: CVE-2016-10033 and CVE-2016-10045
All distributed versions of the third-party PHPMailer library are affected by a remote code execution vulnerability.
We have listed a few of the affected applications. An immediate upgrade is required to avoid interruptions to the PHP mailer system built into your application. To protect our servers and networks, this action is required without exception, and the flaw must be repaired to avoid such interruptions.
Software known to the advisory, along with thousands of others:
2. Zen-Cart – versions 15.4 and below. 1.5.5 claims to fix this issue.
All of the applications listed above are known to be affected, as are many others. This critical PHPMailer flaw must be taken seriously and leaves millions of websites vulnerable. Please update all applications that use this open-source software. Updating to the latest version should take care of the issue and will avoid interruptions of email services.
If you have any questions regarding this announcement or regarding how to get your website updated please contact our development & security team by opening a support request at https://www.host-99.com/submitticket.php.