PEAK XOOPS - command injection of phpmailer in XOOPS in englishin japanese

Archive | RSS |
XOOPS
XOOPS : command injection of phpmailer in XOOPS
Poster : GIJOE on 2007-06-13 06:03:31 (18210 reads)

in englishin japanese

refer
http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/

Though this is a fatal (sudden-death) vulnerability, it is not the default setting.

If you dare to change the value of mailmethod from "php mail()" to "sendmail", change it to the other values.

I've just released Protector-3.04 with this check.

If you leave such a setting, protector alerts "phpmailer security hole! Change the preferences of mail from "sendmail" to another, or upgrade the core right now!" to you.

1 comments
Printer friendly page Send this story to a friend

Comments list

Re: command injection of phpmailer in XOOPS
minahito  Posted on 2007/6/13 15:55
The important news! Thank you.
Because I don't have enough time to write news, I submit the link to this URL in xoopscube.org. Sorry.

- Simple news
View more comments...
Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!