{"id":3939,"date":"2017-01-04T02:56:03","date_gmt":"2017-01-04T07:56:03","guid":{"rendered":"http:\/\/local.brightwhiz\/?p=3939"},"modified":"2021-12-08T13:43:37","modified_gmt":"2021-12-08T18:43:37","slug":"swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws","status":"publish","type":"post","link":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/","title":{"rendered":"SwiftMailer, PhpMailer and ZendMail PHP Mailing Libraries Found With Critical Flaws"},"content":{"rendered":"\n

Just recently we mentioned the security flaw in PHPMailer. Barely a week later we are at it again, this time with flaws in the three major PHP mailing libraries, namely PHPMailer, SwiftMailer, and ZendMail.<\/p>\n\n\n\n

The critical flaws found in these PHP mailing libraries allow a remote attacker to execute arbitrary code in the context of the web server and compromise the web application. The flaw was first reported in PHPMailer and a patch was issued. However, a couple of days later the patched version was itself found to be vulnerable, and another patch was issued to fix the problem.<\/p>\n\n\n\n

The flaws were disclosed by Polish security researcher Dawid Golunski of Legal Hackers.<\/p>\n\n\n\n

Who is Affected by The RCE Flaws in These PHP Mailing Libraries<\/h2>\n\n\n\n

The initial flaw in PHPMailer affected nine million users. A fix was issued, but Dawid was able to breach the library again, forcing the team to release another patch. PHPMailer is used in WordPress, Joomla, Drupal, 1CRM, SugarCRM, and Yii, among a host of other proprietary and custom plugins, extensions, Content Management Systems (CMS), and websites. The safe update of PHPMailer is version 5.2.20. Users are advised to update to this version as soon as possible.<\/p>\n\n\n\n

SwiftMailer, another popular mailing library used in Laravel, Symfony, Yii2, and other open-source projects, also contains the same vulnerability, which can be exploited via all web forms that send out emails via SMTP.<\/p>\n\n\n\n

According to the changelog for SwiftMailer on GitHub, “The mail transport (Swift_Transport_MailTransport) was vulnerable to passing arbitrary shell arguments if the ‘From,’ ‘ReturnPath’ or ‘Sender’ header came from a non-trusted source, potentially allowing Remote Code Execution.” All versions of SwiftMailer prior to version 5.4.5 are vulnerable, and all users are advised to update with immediate effect.<\/p>\n\n\n\n

The Zend Framework, with more than 95 million installations, uses the ZendMail component for sending out emails. This component harbors the same flaw, which may allow an attacker to inject arbitrary parameters into the system sendmail program. The team at Zend has shed more light on the issue in this blog post.<\/p>\n","protected":false},"excerpt":{"rendered":"

Just recently we mentioned the security flaw in PHPMailer. Barely a week later we are at it again this time with flaws in the three major PHP mailing libraries namely…<\/p>\n","protected":false},"author":1,"featured_media":3940,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[207,219,313,320,331,350,363,424,433,449,452,453,526,539,543,571,591,635,636,637,638,651,660],"yoast_head_json":{"title":"Critical Flaws in SwiftMailer, PhpMailer, ZendMail PHP Mailing Libraries","description":"More critical flaws have been discovered in SwiftMailer, PhpMailer and ZendMail PHP Mailing Libraries that could lead to to remote code execution attacks","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/","og_locale":"en_US","og_type":"article","og_title":"Critical Flaws in SwiftMailer, PhpMailer, ZendMail PHP Mailing Libraries","og_description":"More critical flaws have been discovered in SwiftMailer, PhpMailer and ZendMail PHP Mailing Libraries that could lead to to remote code execution attacks","og_url":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/","og_site_name":"Brightwhiz.com","article_publisher":"https:\/\/www.facebook.com\/brightwhiz\/","article_published_time":"2017-01-04T07:56:03+00:00","article_modified_time":"2021-12-08T18:43:37+00:00","og_image":[{"width":1200,"height":630,"url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/PHP-Mailing-Libraries.jpg","type":"image\/jpeg"}],"author":"Michael Bright","twitter_card":"summary_large_image","twitter_creator":"@brightwhizmag","twitter_site":"@brightwhizmag","twitter_misc":{"Written by":"Michael Bright","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#article","isPartOf":{"@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/"},"author":{"name":"Michael Bright","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32"},"headline":"SwiftMailer, PhpMailer and ZendMail PHP Mailing Libraries Found With Critical Flaws","datePublished":"2017-01-04T07:56:03+00:00","dateModified":"2021-12-08T18:43:37+00:00","mainEntityOfPage":{"@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/"},"wordCount":358,"commentCount":0,"publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"image":{"@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/PHP-Mailing-Libraries.jpg","keywords":["Drupal","Email","InfoSec","Internet","Joomla","Libraries","Mail","Open Source","Optimization","Performance","PHP","PHPMailer","Security","SMTP","Software Design","SwiftMailer","Tools","Web","Web Applications","Web Design","Web Development","WordPress","ZendMail"],"articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/","url":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/","name":"Critical Flaws in SwiftMailer, PhpMailer, ZendMail PHP Mailing 
Libraries","isPartOf":{"@id":"http:\/\/local.brightwhiz\/#website"},"primaryImageOfPage":{"@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#primaryimage"},"image":{"@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#primaryimage"},"thumbnailUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/PHP-Mailing-Libraries.jpg","datePublished":"2017-01-04T07:56:03+00:00","dateModified":"2021-12-08T18:43:37+00:00","description":"More critical flaws have been discovered in SwiftMailer, PhpMailer and ZendMail PHP Mailing Libraries that could lead to to remote code execution attacks","breadcrumb":{"@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#primaryimage","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/PHP-Mailing-Libraries.jpg","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2017\/01\/PHP-Mailing-Libraries.jpg","width":1200,"height":630,"caption":"PHP Mailing Libraries"},{"@type":"BreadcrumbList","@id":"http:\/\/local.brightwhiz\/swiftmailer-phpmailer-zendmail-php-mailing-libraries-flaws\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/local.brightwhiz\/"},{"@type":"ListItem","position":2,"name":"SwiftMailer, PhpMailer and ZendMail PHP Mailing Libraries Found With Critical Flaws"}]},{"@type":"WebSite","@id":"http:\/\/local.brightwhiz\/#website","url":"http:\/\/local.brightwhiz\/","name":"Brightwhiz.com","description":"Best Tech guides, Tutorials, and 
News","publisher":{"@id":"http:\/\/local.brightwhiz\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/local.brightwhiz\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"http:\/\/local.brightwhiz\/#organization","name":"Brightwhiz","url":"http:\/\/local.brightwhiz\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/","url":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","contentUrl":"http:\/\/local.brightwhiz\/wp-content\/uploads\/2021\/11\/brightwhiz-com-logo-orange.png","width":706,"height":135,"caption":"Brightwhiz"},"image":{"@id":"http:\/\/local.brightwhiz\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/brightwhiz\/","https:\/\/x.com\/brightwhizmag","https:\/\/instagram.com\/bright_whiz\/","https:\/\/www.pinterest.com\/sobbayi\/","https:\/\/www.youtube.com\/channel\/UC6sCdP_d_RiTIM7ErFT-PSQ"]},{"@type":"Person","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/81f0f3126f13834ae2e7f381b3028e32","name":"Michael Bright","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/local.brightwhiz\/#\/schema\/person\/image\/","url":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","contentUrl":"http:\/\/1.gravatar.com\/avatar\/da90485875ff0aafa38fdd494abe87d1?s=96&d=mm&r=g","caption":"Michael 
Bright"},"sameAs":["https:\/\/sobbayi.com"],"url":"http:\/\/local.brightwhiz\/author\/sobbayiadmin\/"}]}},"_links":{"self":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/3939"}],"collection":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/comments?post=3939"}],"version-history":[{"count":0,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/posts\/3939\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media\/3940"}],"wp:attachment":[{"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/media?parent=3939"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/categories?post=3939"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/local.brightwhiz\/wp-json\/wp\/v2\/tags?post=3939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}