Shopping Cart Software Forum for Ecommerce Templates

ecogaga
New Member

Canada
84 Posts

Pre-sales questions only

Posted - 07/27/2021 :  18:56:20  
Hello,

Is there a fix already for the following code vulnerability?
vsadmin/inc/class.phpmailer.php

class.phpmailer.php

Code injection
Patch ID: 4466
Name: [CVE-2020-36326 - CVE-2018-19296] Object injection
Description: CVE-2020-36326 - An external file could be unexpectedly executable if it was used as a path to an attachment file via PHP's support for .phar files. Exploitation requires that an attacker was able to provide an unfiltered path to a file to attach. CVE-2018-19296 - Was vulnerable to an object injection attack by passing phar:// paths into addAttachment() and other functions that could receive unfiltered local paths, possibly lead to RCE.

insight
ECT Moderator

USA
4476 Posts

Posted - 07/27/2021 :  21:09:51  
Depends what cart version you are running and what PHPMailer version is included within it. If you are fully up to date then the vulnerable file is no longer used by ECT, it's been replaced by PHPMailer.php, so if still present the old one can be deleted.

Peter
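
The CVE description quoted in the first post turns on an unfiltered path reaching addAttachment(). The guard below is an added example, not code from this thread, Ecommerce Templates or PHPMailer: it rejects stream-wrapper paths before any filesystem call and confines attachments to one directory. `safeAttachmentPath()` and the temporary directory are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: validate a caller-supplied attachment path before it is
// handed to PHPMailer's addAttachment(). safeAttachmentPath() is hypothetical.

function safeAttachmentPath(string $userPath, string $baseDir): ?string
{
    // Reject stream wrappers (phar://, php://, http://, ...) first. On older
    // PHP versions even is_file() on a phar:// path parses the archive
    // metadata, so this test must run before any filesystem function.
    if (preg_match('#^\s*[a-z][a-z0-9+.\-]*://#i', $userPath)) {
        return null;
    }
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Resolve symlinks and ".." segments, then require the result to stay
    // inside the attachment directory and to be a regular file.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false || !is_file($real)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: one legitimate file and several hostile or invalid inputs.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . getmypid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'invoice.pdf', 'constructed sample');

$inputs = ['invoice.pdf', 'phar:///tmp/upload.jpg/x.txt', 'PHAR://upload.jpg',
           '../../etc/passwd', 'missing.pdf'];
foreach ($inputs as $in) {
    $path = safeAttachmentPath($in, $base);
    // In real code: if ($path !== null) { $mail->addAttachment($path); }
    printf("%-30s %s\n", $in, $path === null ? 'rejected' : 'accepted');
}

unlink($base . DIRECTORY_SEPARATOR . 'invoice.pdf');
rmdir($base);
```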

