Copyright 2024 - Schultz IT Solutions - swiss servicequality for austrian and international enterprises - All rights reserved.
  1. Forum
  3. jDBexport
  5. Product announcements
  7. jDBexport NOT vulnerable to CVE-2016-10033 (third-party library PHPMailer)

jDBexport NOT vulnerable to CVE-2016-10033 (third-party library PHPMailer)

  • Rüdiger Schultz
  • Rüdiger Schultzs Avatar Autor
Mehr
29 Dez 2016 10:04 #1 von Rüdiger Schultz
jDBexport NOT vulnerable to CVE-2016-10033 (third-party library PHPMailer) wurde erstellt von Rüdiger Schultz
Dear jDBexport users,

This message is to confirm that jDBexport is NOT vulnerable to the critical PHPMailer security issue CVE-2016-10033

We are using the the JMail class to create the emails (sending workbooks from the frontend or the scheduler), and JOOMLA JSST has determined that through correct use of the JMail class, there are additional validations in place which make executing this vulnerability impractical within the Joomla environment.
see their respective security advisory at developer.joomla.org/security-centre/668...%21+Security+News%29

However due to the severity of this vulnerability and the wide usage of PHPMailer class, you might wish to clarify this for other implementations of the PHPMailer class in your environment as well.

Let me also use this opportunity to wish all of you a successful 2017

Ruediger Schultz
Schultz IT Solutions
Ruediger Schultz
Schultz IT Solutions

Please support jDBexport on JOOMLA Extension directory (JED) at
extensions.joomla.org/extensions/extensi...ta-reports/jdbexport
Dieses Thema wurde gesperrt.
  1. Forum
  3. jDBexport
  5. Product announcements
  7. jDBexport NOT vulnerable to CVE-2016-10033 (third-party library PHPMailer)