An Interest In:
Web News this Week
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
December 28, 2016 12:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/1RKxy362TEg/millions-of-websites-vulnerable-due-to-security-bug-in-popular-php-script
Millions of Websites Vulnerable Due To Security Bug In Popular PHP Script
An anonymous reader writes from a report via BleepingComputer: A security flaw discovered in a common PHP class allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to take control over the underlying server. The vulnerable library is PHPMailer, a PHP script that allows developers to automate the task of sending emails using PHP code, also included with WordPress, Drupal, Joomla, and more. The vulnerability was fixed on Christmas with the release of PHPMailer version 5.2.18. Nevertheless, despite the presence of a patched version, it will take some time for the security update to propagate. Judging by past incidents, millions of sites will never be updated, leaving a large chunk of the Internet open to attacks. Even though the security researcher who discovered the flaw didn't publish any in-depth details about his findings, someone reverse-engineered the PHPMailer patch and published their own exploit code online, allowing others to automate attacks using this flaw, which is largely still unpatched due to the holiday season.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/1RKxy362TEg/millions-of-websites-vulnerable-due-to-security-bug-in-popular-php-script
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot