
Critical PHPMailer Flaw leaves Millions of Websites Vulnerable Kenya


Dec 25 2016: A critical vulnerability has been discovered in PHPMailer, one of the most popular open source PHP libraries for sending email, used by more than 9 million users worldwide.
Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, come with the PHPMailer library for sending emails to their users using a variety of methods, including SMTP.

Discovered by Polish security researcher Dawid Golunski of Legal Hackers, the critical vulnerability (CVE-2016-10033) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application.


"To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today.
Golunski responsibly reported the vulnerability to the developers, who have patched the vulnerability in their new release, PHPMailer 5.2.18.

All versions of PHPMailer before the critical release of PHPMailer 5.2.18 are affected, so web administrators and developers are strongly recommended to update to the patched release.

The Hacker News is making the first public disclosure of the vulnerability in the news following Golunski's advisory, and millions of websites remain unpatched.

For more details, please visit the following links:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://twitter.com/search?f=tweets&vertical=default&q=%23PhpMailer

 

