Mailer RCE Flaw Vulnerability post
No final do ano passado foram encontradas falhas RCE (Remote Code Execution) nas seguintes bibliotecas: PHPMailer (até v5.2.20) SwiftMailer (até v5.4.4) e Zend-mail (até v2.4.10).
Maiores detalhes:
- PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)
- PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045 / escapeshell bypass)
- SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
- Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034)