Comments on: PHPMailer 0day remote command execution

By: Mantis Bug Tracker Blog » Blog Archive » Evaluating a PHPMailer Vulnerability

Mon, 16 Jul 2007 06:53:22 +0000

[...] sender address can be used to gain access to system resources. This exploit is described in “PHPMailer 0day remote command execution” and [...]

By: NafieCarL.Com | About Blogging, eBiz & Advertisement » News - Three holes closed in WordPress

Sun, 01 Jul 2007 11:11:26 +0000

[...] PHPMailer 0day remote command execution, Thor Larholm’s security advisory [...]

By: developercast.com » Symfony Blog: symfony 1.0.5 released (security fix)

developercast.com » Symfony Blog: symfony 1.0.5 released (security fix) — Thu, 28 Jun 2007 15:47:42 +0000

[...] The Symfony project has released the latest version of their framework - Symfony 1.0.5 - largely a security fix release to help head off some issues that came up with the phpmailer utility. I’ve just released symfony 1.0.5. If you use the symfony built-in phpmailer (and you do if you use the ->sendMail() method in your actions), you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380. PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/ [...]

By: Larholm.com - Me, myself and I » PHPMailer security updates

Larholm.com - Me, myself and I » PHPMailer security updates — Wed, 27 Jun 2007 04:15:42 +0000

[...] security updates By Thor Larholm On June 11 I published an input validation vulnerability in PHPMailer, CVE-2007-3215. Since then, a number of applications [...]

By: rpsblog.com » symfony 1.0.5 released (security fix)

rpsblog.com » symfony 1.0.5 released (security fix) — Tue, 26 Jun 2007 14:38:22 +0000

[...] PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/ [...]

By: symfony 1.0.5 released at ???Blog

symfony 1.0.5 released at ???Blog — Tue, 26 Jun 2007 03:27:19 +0000

[...] PHPMailer ?????sendmail????????????????????http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/ [...]

By: PHPMailer????

PHPMailer???? — Sun, 17 Jun 2007 02:26:30 +0000

[...] PHPMailer????????????????????????????????popen????????????????????????????????????????????fork??????????????WordPress??wp-includes/class-phpmailer.php????????????????????? [...]

By: Gordon Franke

Gordon Franke — Tue, 12 Jun 2007 13:08:28 +0000

there is a Plugin for Symfony to use the Swift Mailer:
http://trac.symfony-project.com/trac/wiki/sfSwiftPlugin

By: Kamilion

Kamilion — Mon, 11 Jun 2007 23:54:03 +0000

Swiftmailer doesn’t have this problem, and has a PHPMailer shim.

http://www.swiftmailer.org/

By: Thor Larholm

Thor Larholm — Mon, 11 Jun 2007 11:19:32 +0000

A quick note:

The Symfony web PHP framework uses PHPMailer as its base emailer utility.