TheFox / smtpd

SMTP server (library) for receiving emails, written in pure PHP.
https://fox21.at
MIT License
121 stars 30 forks

Upgrade phpMailer to v5.2.27 due to Security issue #19

Open TheFox opened 4 years ago

TheFox commented 4 years ago

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment() and other functions that may receive unfiltered local paths, possibly leading to RCE.

See https://knasmueller.net/5-answers-about-php-phar-exploitation?cookie-state-change=1583482795465
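
A defence-in-depth guard for code that calls `addAttachment()`, as an added example that is not code from smtpd or PHPMailer: it rejects stream-wrapper paths such as `phar://` before any filesystem function sees them and confines attachments to one directory. The function name `resolveAttachmentPath`, the allowed-directory parameter and the sample paths are assumptions made for illustration; the upgrade named in the issue title remains the fix.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: validate a path before it reaches a file-handling
 * call such as addAttachment(). Returns the canonical path, or null when
 * the path must be rejected.
 */
function resolveAttachmentPath(string $path, string $allowedDir): ?string
{
    // Scheme check comes first, before any filesystem call: file functions
    // given a phar:// path unserialize the archive's metadata.
    // Wrapper names are case-insensitive, hence the /i flag.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path) === 1) {
        return null;
    }
    $base = realpath($allowedDir);
    $real = realpath($path); // false when the file does not exist
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // The canonical path must stay inside the allowed directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo inputs (not taken from the issue).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'attach_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.txt', 'hello');

$candidates = [
    $dir . '/report.txt',               // regular file inside the allowed directory
    'phar://' . $dir . '/upload.jpg/x', // stream-wrapper scheme
    'PHAR://' . $dir . '/upload.jpg/x', // same scheme in upper case
    $dir . '/../outside.txt',           // traversal out of the allowed directory
];
foreach ($candidates as $candidate) {
    $safe = resolveAttachmentPath($candidate, $dir);
    printf("%-7s %s\n", $safe === null ? 'REJECT' : 'ACCEPT', $candidate);
    // Only a non-null result would be handed on, e.g.:
    // $mail->addAttachment($safe);   // $mail: a PHPMailer instance (assumed)
}

unlink($dir . DIRECTORY_SEPARATOR . 'report.txt');
rmdir($dir);
```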