Mailer RCE Flaw Vulnerability post

Por Rogério Lino

No final do ano passado foram encontradas falhas RCE (Remote Code Execution) nas seguintes bibliotecas: PHPMailer (até v5.2.20) SwiftMailer (até v5.4.4) e Zend-mail (até v2.4.10).

Maiores detalhes:

  • PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)
  • PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045 / escapeshell bypass)
  • SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
  • Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034)

Tags: rce-flaw, phpmailer, swiftmailer, zend-mail, mail