There’s a critical security vulnerability in the PHPMailer library, a flaw that could allow an attacker to execute arbitrary code. The bug can be exploited remotely and a researcher already has released proof-of-concept exploit code for it.
The PHPMailer library is used in a large number of web applications and open source projects, including WordPress and Drupal. The library is designed to send emails from PHP apps and the researcher who discovered the bug said attackers can exploit it quite simply.
“An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application,” the advisory from researcher Dawid Golunski says.
“To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.”
The creator of the PHPMailer library has patched the vulnerability in version 5.2.18, and the seriousness of the bug makes it urgent for site owners who use the library to patch as soon as possible. PHPMailer is one of the more popular PHP libraries and all of the versions prior to the patched one released Dec. 24 contain the bug that Golunski discovered.
The exploit code that Golunski developed for the vulnerability works against the Sendmail MTA, but he said the vulnerability itself isn’t limited to that app.
Image: Michael Mayer, CC By license.