Is the Fabrik email form plugin, which allows user input for the 'from' address, subject to this vulnerability?
Joomla Security Announcement, 12-05-2016 link.
Joomla Security Announcement, 12-05-2016 link.
-
Joomla 5.1
For running J!5.1 you must https://fabrikar.com/forums/index.php?wiki/update-from-github/ or include the new file manually https://fabrikar.com/forums/index.php?threads/joomla-5-1-and-fabrik-cannot-find-files-error.54473/post-285151 See also Announcements
-
Donation Update and Moving Forward
Please see our announcement here.
PHP Mailer Vulnerability
- Thread starter billvv
- Start date
cheesegrits
Support Gopher
I haven't personally tested it, but we use the J! JMail API to set the from, using $mailer->setFrom(), which according to the Joomla security team should have validations in it which would prevent this exploit.
-- hugh
-- hugh