Critical PHPMailer vulnerability CVE-2016-10033

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

We will process this CVE.

Do you have any ETA for this? The hole is very serious and is beginning to affect thousands of sites.

Things are bigger than expected

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

This is becoming very very serious :frowning:

The latest ruleset already protects vulnerable applications with generic rules. We do not plan to release a specific rule for this CVE due to the very wide possible range of attack vectors.

That’s really bad news, there are many reports of attacks with this CVE. I fortunately didn’t see any yet, but this is one of the major bugs/security issues of the year, after the Joomla core code.