View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - 9.2.1 phpmailer vunerability - ProjeQtOr
 

9.2.1 phpmailer vunerability

More
18 Jul 2021 11:39 #1 by chrisdr2
9.2.1 phpmailer vunerability was created by chrisdr2
Hi,
I recently moved to a new host (A2 Hosting) - they run regular security checks on installed software and sent me a warning email about a code injection vulnerability in phpmailer. I'm running projeqtor 9.2.1. Their patch system (patchman) patched the software.

Received form A2 Hosting

Hello,

As part of our commitment to providing you with a secure hosting environment, we performed an automated scan of your domain(s)
It appears patches are available for application(s) installed in the following path(s):

Code injection vulnerability in PHPMailer
/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/projeqtor/external/PHPMailer/src/PHPMailer.php


If you are working with a development partner, please forward this email on to them as they will be able to take care of the update for you. Otherwise, we will automatically apply the above patches within seven days.

Click here to learn more about our perpetual security scans: www.a2hosting.com/kb/cpanel/advanced-features/patchman

Best regards,

The A2 Hosting Support Team


 

Please Log in or Create an account to join the conversation.

More
19 Jul 2021 11:07 #2 by babynus
Replied by babynus on topic 9.2.1 phpmailer vunerability
Hi,

Thanks for sharing this issue with external Library PHPMailer.
Did you have a patch file with the notification ?
If so, could you please post it here ?
We have the opportunity to upgrade the library from V6.0.6 to V6.5.0 but would like to check if this leak is fixed on this version.
Thanks.
Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

More
19 Jul 2021 11:41 #3 by chrisdr2
Replied by chrisdr2 on topic 9.2.1 phpmailer vunerability
Hi,
No, I don't have the patch file - A2 Hosting's patchman system patched it automatically. If it helps, I can send you the patched file - it should be possible to work out the changes using diff.

Please Log in or Create an account to join the conversation.

More
19 Jul 2021 14:04 #4 by babynus
Replied by babynus on topic 9.2.1 phpmailer vunerability
Yes, please post the patched file.
Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

More
19 Jul 2021 14:23 #5 by chrisdr2
Replied by chrisdr2 on topic 9.2.1 phpmailer vunerability
 

File Attachment:

File Name: PHPMailer.zip
File Size:35 KB


Here you go. I browsed the phpmailer subdirectories, and that appears to be the only file that was patched.
Attachments:

Please Log in or Create an account to join the conversation.

More
19 Jul 2021 15:16 #6 by babynus
Replied by babynus on topic 9.2.1 phpmailer vunerability
Hi,

The patch is the new version from PHPMAiler repository, so we'ill migrate the library to the newest version that includes the patch.
Thanks.
Babynus
Administrator of ProjeQtOr web site

Please Log in or Create an account to join the conversation.

Moderators: babynusprotion
Time to create page: 0.037 seconds

Cookies settings

×

Functional Cookies

Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

Session

Please login to see yours activities!

Other cookies

Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

Login Form