Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Jul 2001
Posts: 1,157
Likes: 82
coffee and code
coffee and code
Joined: Jul 2001
Posts: 1,157
Likes: 82
Changelog 2016-12-27 --SECURITY BULLETIN--
• PHPMailer -Updated PHPMailer library from 5.2.16 to version 5.2.19
1) https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
2) https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
3) https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/

To exploit this vulnerability, an attacker would need to be able to pass user input to a message’s “from” address. UBB.threads is not affected by this issue since email is only ever sent from the configured Forum Email Address and does not allow for user input to be set elsewhere.

In addition, the send-to addresses are always checked that sendmail path exists and validated as correct email format, as well as being escaped, prior to being stored in the database or passed on to PHPMailer. Emailing a post/message goes through several steps of validation prior to being sent, and will not be passed to PHPMailer if the validation does not pass.

NOTES: All versions of the third-party PHPMailer library distributed with UBB.threads versions within the 7.5.x series and prior, are vulnerable to a remote code execution vulnerability. This is patched in PHPMailer 5.2.18 which will be included with UBB.threads 7.6.0.

If you are using the PHPMailer library included within your UBB.threads package to handle any additional or custom (unsupported) scripts, you should manually update your PHPMailer library to version 5.2.18 or newer. https://github.com/PHPMailer/PHPMailer
For reference, UBB.threads 7.5.x uses PHPMailer 2.0.2.


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Sponsored Links
Joined: Jul 2001
Posts: 1,157
Likes: 82
coffee and code
coffee and code
Joined: Jul 2001
Posts: 1,157
Likes: 82
Changelog 2016-12-28 --SECURITY BULLETIN--
• PHPMailer -Updated PHPMailer library from 5.2.19 to version 5.2.21
1) http://seclists.org/bugtraq/2016/Dec/54
2) https://legalhackers.com/advisories...ec-CVE-2016-10045-Vuln-Patch-Bypass.html


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com
Joined: Jul 2001
Posts: 1,157
Likes: 82
coffee and code
coffee and code
Joined: Jul 2001
Posts: 1,157
Likes: 82
Changelog 2017-01-12 --SECURITY BULLETIN--
• PHPMailer -Updated PHPMailer library from 5.2.21 to version 5.2.22
1) https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
2) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223


Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com

Moderated by  Gizmo, isaac 

Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
isaac
isaac
California
Posts: 1,157
Joined: July 2001
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)