Command injection in phpmailer in XOOPS
Date 2007-06-13 06:03:31 | Category: XOOPS
Reference: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/
Although this is a fatal (sudden-death) vulnerability, the affected setting is not the default.
If you have changed the value of mailmethod from "php mail()" to "sendmail", change it to one of the other values.
I've just released Protector-3.04 with this check.
If you leave this setting in place, Protector shows you the alert "phpmailer security hole! Change the preferences of mail from "sendmail" to another, or upgrade the core right now!".