Hallo zusammen,
ich wollte mal kurz fragen, ob das hier auch das CMSimle_XH 1.6.x betrifft?
Quelle: >>>klick<<<
Ich bin da technisch leider nicht auf der Höhe. Scheint aber nicht unwesentlich zu sein.
Grüße,
Franky
betr. "PHPMailer bringt eine böse Weihnachtsüberraschung"
-
- Posts: 536
- Joined: Sat Jul 28, 2012 11:38 am
- Location: Perle der Grafschaft > 127.0.0.1
- Contact:
betr. "PHPMailer bringt eine böse Weihnachtsüberraschung"
Hoster: Strato
Domains: 9 an der Zahl
CMS: CMSimple_XH, 7x 1.7.2, 1x 1.6.10
Domains: 9 an der Zahl
CMS: CMSimple_XH, 7x 1.7.2, 1x 1.6.10
Re: betr. "PHPMailer bringt eine böse Weihnachtsüberraschung
Danke für die Info, Frank!
Engl. advisory: https://legalhackers.com/advisories/PHP ... -Vuln.html.
The core of CMSimple_XH is not affected, as it doesn't use PHPMailer at all. I'm aware of two plugins that use PHPMailer, namely Advancedform_XH and the Wellrad Shop. I don't know whether the Wellrad Shop might be affected by this issue, but it seems that Advancedform_XH is not. However, apparantly Advancedform_XH has another severe vulnerability – I'll have to investigate more thoroughly.
Engl. advisory: https://legalhackers.com/advisories/PHP ... -Vuln.html.
The core of CMSimple_XH is not affected, as it doesn't use PHPMailer at all. I'm aware of two plugins that use PHPMailer, namely Advancedform_XH and the Wellrad Shop. I don't know whether the Wellrad Shop might be affected by this issue, but it seems that Advancedform_XH is not. However, apparantly Advancedform_XH has another severe vulnerability – I'll have to investigate more thoroughly.
-
- Posts: 536
- Joined: Sat Jul 28, 2012 11:38 am
- Location: Perle der Grafschaft > 127.0.0.1
- Contact:
Re: betr. "PHPMailer bringt eine böse Weihnachtsüberraschung
Hallo,
Besten Dank für die Rückmeldung
Franky
Besten Dank für die Rückmeldung

Franky
Hoster: Strato
Domains: 9 an der Zahl
CMS: CMSimple_XH, 7x 1.7.2, 1x 1.6.10
Domains: 9 an der Zahl
CMS: CMSimple_XH, 7x 1.7.2, 1x 1.6.10
Re: betr. "PHPMailer bringt eine böse Weihnachtsüberraschung
I think I can give the all-clear: neither Advancedform_XH nor the Wellrad Shop are affected by this issue. Also, there doesn't seem to be an email header injection issue in Advancedform_XH.
-
- Posts: 536
- Joined: Sat Jul 28, 2012 11:38 am
- Location: Perle der Grafschaft > 127.0.0.1
- Contact:
Re: betr. "PHPMailer bringt eine böse Weihnachtsüberraschung
Hallo,
Great +1 *thumbsup*
Great +1 *thumbsup*
Hoster: Strato
Domains: 9 an der Zahl
CMS: CMSimple_XH, 7x 1.7.2, 1x 1.6.10
Domains: 9 an der Zahl
CMS: CMSimple_XH, 7x 1.7.2, 1x 1.6.10
Re: betr. "PHPMailer bringt eine böse Weihnachtsüberraschung
AFAIK Newsletter_XH uses PHPMailer too.
CMSimple Plugins by http://CMSimple.HolgerIrmler.de