PHPMailer is a classic email-sending library written in PHP and used by a huge number of websites across the internet; if I take a rough guess, it is used by 9 million websites. And guess what the most fun part is 😈? A newly found vulnerability in PHPMailer version 5.2.18.
This vulnerability affects sites running PHPMailer and allows an attacker to execute system commands and take complete control of the target's website.
– Discovered by: Dawid Golunski
– Release date: 27.12.2016
– Last revision: 28.12.2016
– Revision 3.0
– Severity: Critical
Exploit :- https://www.exploit-db.com/exploits/40968/
“PHPMailer continues to be the world’s most popular transport class, with an
estimated 9 million users worldwide. Downloads continue at a significant
“Probably the world’s most popular code for sending email from PHP!
Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii,
Joomla! and many more”
More information regarding this vulnerability can be found on the original site over here:-
How to Fix this:-
A fix for this issue has been released, and the best practice is to update PHPMailer on your site.
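
Before updating, it helps to know which copies of PHPMailer are actually deployed, since many projects bundle their own. The script below is an added example, not code from the original post or from the PHPMailer project: it walks a web root, reads the version each PHPMailer class file declares, and flags copies at or below the release this page names. The candidate file names, the sample directory layout, and the use of 5.2.18 as the threshold are assumptions; take the fixed version from the project's release notes.

```python
import re
import tempfile
from pathlib import Path

# PHPMailer 5.x declares `public $Version = '5.2.18';` in class.phpmailer.php;
# 6.x declares `const VERSION = '6.0.0';` in src/PHPMailer.php.
VERSION_RE = re.compile(
    r"""(?:\$Version|const\s+VERSION)\s*=\s*['"](\d+(?:\.\d+)+)['"]""")
# Assumption: file names a bundled copy is likely to use (compared in lower case).
CANDIDATES = {"class.phpmailer.php", "class-phpmailer.php", "phpmailer.php"}
# Assumption: the release this page names, and anything older, needs an update.
NAMED_RELEASE = (5, 2, 18)

def parse_version(text):
    """Return the declared PHPMailer version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def needs_update(version, named=NAMED_RELEASE):
    return version <= named

def scan(root):
    """Return [(relative_path, version, needs_update)] for PHPMailer files under root."""
    results = []
    for path in sorted(Path(root).rglob("*.php")):
        if path.name.lower() not in CANDIDATES:
            continue
        version = parse_version(path.read_text(errors="replace"))
        if version is not None:  # skip look-alike files with no version string
            rel = str(path.relative_to(root))
            results.append((rel, version, needs_update(version)))
    return results

def build_sample_tree(root):
    """Constructed sample layout: two bundled copies at different versions."""
    samples = {
        "site-a/lib/class.phpmailer.php":
            "<?php class PHPMailer { public $Version = '5.2.14'; }",
        "site-b/vendor/phpmailer/src/PHPMailer.php":
            "<?php class PHPMailer { const VERSION = '6.0.0'; }",
    }
    for rel, body in samples.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, ver, flag in scan(tmp):
            print(rel, ".".join(map(str, ver)), "UPDATE" if flag else "ok")
```

To check a real site, call `scan()` with the path to the web root instead of the constructed sample tree.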