Vulnerability

[monty2210]

Sorry for my English use translator

today going on antivirus in plesk

i found this

Public Vulnerabilities
File        /vendor/phpmailer/phpmailer/src/PHPMailer.php

 Vulnerability            RCE : CVE-2016-10045, CVE-2016-10031

 

and I don't know if it's false positive or I have a problem

Could you guide me a little?

 

Regards Fernando

[monty2210]

He left the file

PHPMailer.php

[Remitur]

It seems to affect only phpmailer < 5.2.20: what version are you using?

Just update it and maybe you'll fix it...

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html

Edited October 2, 2019 by Remitur

[bear]

17 hours ago, monty2210 said:

File        /vendor/phpmailer/phpmailer/src/PHPMailer.php

The folder "src", and the file named doesn't exist in my installations. Can you show the file structure for that directory tree?

Edited October 2, 2019 by bear

[brian!]

2 hours ago, bear said:

Can you show the file structure for that directory tree?

the src folder was seemingly only introduced with v7.8, so if you haven't updated, then that could be why you can't see it.

[monty2210]

hello, sorry for late, work

I have the latest official downloaded version with key

left structure

 

[bear]

That must be why. I generally hold off until the dust settles and the issues get resolved. Still waiting. 😉

[monty2210]

if I take PHPMailer.php from the official zip

I pass it through https://www.virustotal.com

this comes out

 

[monty2210]

whmcs_v782_full

[monty2210]

well, according to support it is a false positive