Image for post: SwiftMailer, PhpMailer and ZendMail RCE vulnerability

SwiftMailer, PhpMailer and ZendMail RCE vulnerability

A vulnerability about these popular libraries has been discovered. This video demonstrates how to execute arbitrary code in a vulnerable PHP application that is using Swiftmailer, PHPMailer or ZendMail. The attacker uses a python exploit script to catch informations about the victim and perform the execution of arbitrary code with an email injection. The security expert Dawid Golunski from Legal Hackers has reported this vulnerability. A lack of escaping shell arguments and commands allows the attacker to inject some code with a string escaping the " or ' character.

PHPMailer released the version 5.2.18 after the bug report but the patch for this vulnerability was incomplete so Dawid Golunski discovered a new vulnerability,

Now the version 5.2.20 is ok but another very bad news is that SwiftMailer and ZendMail are affected by the same vulnerability. SwitfMailer is widely adopted in open-source projects, including programming frameworks like Yii2, Laravel, Symfony that allow sending emails over SMTP. Another flaw has been tracked 

All development teams have solved the problem but now the question is: how many websites are still using the old libraries with this vulnerability? Every site administrator using these libraries must update them to the last versions ASAP.

Here is the blog post about ZendMail.