Hi
Our Plesk based ImunifyAV antimalware still identifies threats in /components/com_acymailing/inc/phpmailer/class.phpmailer.php as CVE-2016-10045 and CVE-2016-10031

do you kno why please ?

thanks

cyril

Hi,

this is false positive alarm. We are using phpmailer version which fixed this kind of problem long time ago.

You can safely disregard this report.

7 months later

Hi, same problem here.
I saw your answer to Pulsar but what if site user use an old version of Acymailing and don't want to upgrade ?
In our case it is AcyMailing Essential : 5.2.0.
Can you please provide a fixed version of file class.phpmailer.php for acymailing 5 ?

Hi,

The version you are using is outdated and you are also missing important security updates. Please update to the latest version 5.10.14 or consider migrating to v6.

Hi,

just to add something. Your client is using version which is more than 4 years old

As @jvstratum said, you or your client are missing huge number of security fixes and improvements. We can't provide just an updated class.phpmailer.php because it wouldn't work with your version.

Regards,
Igor