Websites using PHPMailer for forms are at risk from a critical-rated remote code execution zero day bug. Legal Hackers researcher Dawid Golunski found the vulnerability (CVE-2016-10074) in the much-used library, found in the world’s most popular content management systems and addons. The bug also affects the Zend Mailer and SwiftMailer . A patch was issued for the vulnerability but it can be bypassed, Golunski says, reopening the avenue for attack.
View full story
ORIGINAL SOURCE: The Register