PHPMailer versions prior to 5.2.22 have a local file disclosure vulnerability #2271

Open
neo74 opened this issue Jul 6, 2018 · 0 comments

Comments

@neo74

commented Jul 6, 2018

PHPMailer 5.2 (which is compatible with PHP 5.0 - 7.0) is no longer being supported for feature updates, and will only be receiving security updates from now on. (Osclass uses 5.2.21)
.....
(The easiest way is to replace only class.xxxxxx.php files of the folder Osclass/oc-includes/phpmailer/ with 3 files from here: 5.2.26)
....., we recommend you make the necessary changes to switch to the 6.0 release.
(or the best way to close all holes and implementation of new extras)
Upgrading from PHPMailer 5.2 to 6.0
Cheers!
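
A check an administrator can run before and after replacing the files, added here as an example (it is not part of the original comment or of Osclass). It assumes the bundled copy declares its version in the `$Version` property of `class.phpmailer.php`, as PHPMailer 5.2 does; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: check the PHPMailer copy bundled with an Osclass install.
FIXED_VERSION="5.2.22"  # from the issue title: earlier versions are affected

# Print the version from the $Version property (assumed to be declared in
# class.phpmailer.php, as in PHPMailer 5.2).
phpmailer_version() {
    sed -n 's/^[[:space:]]*public[[:space:]]*\$Version[^0-9]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed when dotted version $1 is strictly lower than $2 (numeric compare).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Report on one Osclass root: 0 = fixed version or later, 1 = outdated, 2 = unknown.
check_osclass_phpmailer() {
    file="$1/oc-includes/phpmailer/class.phpmailer.php"
    [ -f "$file" ] || { echo "not found: $file"; return 2; }
    found=$(phpmailer_version "$file")
    [ -n "$found" ] || { echo "no version string in $file"; return 2; }
    if version_lt "$found" "$FIXED_VERSION"; then
        echo "OUTDATED $found (< $FIXED_VERSION): $file"
        return 1
    fi
    echo "ok $found: $file"
}

# Constructed sample tree (a stub, not a real PHPMailer file) carrying the
# 5.2.21 version the issue says Osclass bundles; pass a real root as $1 instead.
demo=$(mktemp -d)
mkdir -p "$demo/oc-includes/phpmailer"
printf "<?php\nclass PHPMailer {\n    public \$Version = '5.2.21';\n}\n" \
    > "$demo/oc-includes/phpmailer/class.phpmailer.php"
check_osclass_phpmailer "${1:-$demo}" || :
rm -rf "$demo"
```
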

garciademarina pushed a commit that referenced this issue Jul 10, 2018
navjottomer added a commit to navjottomer/Osclass that referenced this issue Aug 5, 2018
Merge commit '45d2453c5dd429be0a39d0dc2cc1bef11e19bc98'
* commit '45d2453c5dd429be0a39d0dc2cc1bef11e19bc98': (39 commits)
  updated changelog
  installation minor improvements
  installation minor improvements
  load categories with admin current locale instead of user current locale
  model category refactor listWhere method, compatible with mariaDb
  User.form.class.php use Session::_getForm method to fill <input> value, register post on error save params into session
  updated gui folder
  bump version
  updated changelog
  phpmailer 5.2-stable, fixed osclass#2271
  search_pattern filter
  search_pattern filter
  $user => $aUser
  new filter
  new filter
  new filter
  update readme
  issue osclass#2076
  add subject @ contact email
  add missing form name/id
  ...

# Conflicts:
#	README.md
#	oc-content/themes/bender
#	oc-includes/osclass/classes/AdminToolbar.php
#	oc-includes/osclass/controller/item.php
#	oc-includes/osclass/emails.php
#	oc-includes/osclass/frm/User.form.class.php
#	oc-includes/osclass/helpers/hItems.php
#	oc-includes/osclass/helpers/hSearch.php
#	oc-includes/osclass/helpers/hUsers.php
#	oc-includes/osclass/installer/basic_data.sql
#	oc-includes/osclass/model/Category.php
#	oc-includes/osclass/upgrade-funcs.php