Tuesday, December 27, 2016

New Joomla vulnerability - TL;DR you're probably okay

There's a new vulnerability in the core Joomla distribution, this time in the PHPMailer plugin.  Successful exploitation results in remote code execution (RCE) and normally I'd be shouting "patch now" from the rooftops.  But in this case, you're probably okay.

The vulnerability is in the "From" email parameter.  The core distribution only uses an API that does not allow the "From" email to be modified.  Joomla advises some other plugins may use the PHPMailer plugin in ways that allow the "From" address to be modified in ways that might result in RCE.  However they stop short of specifying any plugins that are vulnerable.  Do you know of any plugins vulnerable?  Hit me up in the comments.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.