CVE-2016-10045, CVE-2016-10031 vulnerabilities

Ppulsarinformatique · Sep 29, 2019

Hi
Our Plesk based ImunifyAV antimalware still identifies threats in /components/com_acymailing/inc/phpmailer/class.phpmailer.php as CVE-2016-10045 and CVE-2016-10031

do you kno why please ?

thanks

cyril

Alexandre · Sep 30, 2019

Hi,

this is false positive alarm. We are using phpmailer version which fixed this kind of problem long time ago.

You can safely disregard this report.

Ppulsarinformatique · Sep 30, 2019

Thanks for the confirmation.

Nnetenvie · May 13, 2020

Hi, same problem here.
I saw your answer to Pulsar but what if site user use an old version of Acymailing and don't want to upgrade ?
In our case it is AcyMailing Essential : 5.2.0.
Can you please provide a fixed version of file class.phpmailer.php for acymailing 5 ?

jvstratum · May 14, 2020

Hi,

The version you are using is outdated and you are also missing important security updates. Please update to the latest version 5.10.14 or consider migrating to v6.

mihha · May 14, 2020

Hi,

just to add something. Your client is using version which is more than 4 years old

As @jvstratum said, you or your client are missing huge number of security fixes and improvements. We can't provide just an updated class.phpmailer.php because it wouldn't work with your version.

Regards,
Igor

CVE-2016-10045, CVE-2016-10031 vulnerabilities

PpulsarinformatiqueSupport Beginner

AlexandreSupport Senior

PpulsarinformatiqueSupport Beginner

Nnetenvie

jvstratumSupport Senior

mihhaSupport Beginner