Security Alert - PHPMailer Exploit [Critical]

[omoe]

"A serious exploit was discovered recently in the most popular mailing script. It is used by many software including forums and billing software."

This is a message i received from my host few minutes ago and was wondering if xenForo is effected from it .

 

[Chris D]

XenForo doesn't use PHPMailer so it is not affected.

 

[omoe]

XenForo doesn't use PHPMailer so it is not affected.

Thank you .

 

[W.D]

Seems this exploit also affects SwiftMailer and more worrying Zend Mail which from a quick look XenForo seems to use. @Chris D @Mike

https://legalhackers.com/advisories...ail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
https://framework.zend.com/security/advisory/ZF2016-04

Not sure what version XenForo uses but thought I'd link to be safe incase you missed it. Not a coder myself so will leave to the experts to check.

 

[Mike]

I looked into the concept of the issue at the time and did not believe we were vulnerable, though I will double check.