Copyright 2024 - Schultz IT Solutions - swiss servicequality for austrian and international enterprises - All rights reserved.

jDBexport NOT vulnerable to CVE-2016-10033 (third-party library PHPMailer)

  • Rüdiger Schultz
  • Rüdiger Schultz's Avatar Topic Author
More
29 Dec 2016 10:04 #1 by Rüdiger Schultz
Dear jDBexport users,

This message is to confirm that jDBexport is NOT vulnerable to the critical PHPMailer security issue CVE-2016-10033

We are using the the JMail class to create the emails (sending workbooks from the frontend or the scheduler), and JOOMLA JSST has determined that through correct use of the JMail class, there are additional validations in place which make executing this vulnerability impractical within the Joomla environment.
see their respective security advisory at developer.joomla.org/security-centre/668...%21+Security+News%29

However due to the severity of this vulnerability and the wide usage of PHPMailer class, you might wish to clarify this for other implementations of the PHPMailer class in your environment as well.

Let me also use this opportunity to wish all of you a successful 2017

Ruediger Schultz
Schultz IT Solutions

Ruediger Schultz
Schultz IT Solutions

Please support jDBexport on JOOMLA Extension directory (JED) at
extensions.joomla.org/extensions/extensi...ta-reports/jdbexport
The topic has been locked.