PHPMailer?

Post Reply
gossamerLL
Posts: 21
Joined: Thu Jul 25, 2013 4:13 am

PHPMailer?

Post by gossamerLL » Wed Dec 28, 2016 12:26 am

Does OC 2 use PHPMailer?
https://www.wordfence.com/blog/2016/12/ ... dium=email

If you are using PHPMailer older than 5.2.18 in your own PHP applications, themes or plugins, please upgrade to PHPMailer 5.2.18 or newer immediately.

If you are a WordPress theme or plugin developer and have included your own copy of PHPMailer in your plugin or theme code, you need to update to PHPMailer 5.2.18 or newer immediately and release a fix to your customers.

I know this announcement is related to WordPress, but I was thinking that PHPMailer is probably used in OC as well?

User avatar
thekrotek
Posts: 596
Joined: Sun Jul 03, 2016 12:24 am
Contact:

Re: PHPMailer?

Post by thekrotek » Wed Dec 28, 2016 4:12 am

As far as I'm concerned, OC 2 uses its own Mail class. It's in system/library folder.
Image

User avatar
Johnathan
Global Moderator
Posts: 5856
Joined: Fri Dec 18, 2009 3:08 am
Contact:

Re: PHPMailer?

Post by Johnathan » Wed Dec 28, 2016 11:56 am

No, OpenCart does not use PhpMailer. This vulnerability does not affect it.
Image
Image Image Image Image Image Image

User avatar
OSWorX
Posts: 4145
Joined: Mon Jan 11, 2010 10:52 pm
Location: Austria
Contact:

Re: PHPMailer?

Post by OSWorX » Wed Dec 28, 2016 6:44 pm

Johnathan wrote:No, OpenCart does not use PhpMailer. This vulnerability does not affect it.
While OpenCart native does not use phpMailer, I know some who do.
And there are some extensions offering phpMailer:
https://www.opencart.com/index.php?rout ... ch=phpmail

And ALL of them are using the old unsecure code!
Therefore these extensions should be disabled!
Image

User avatar
Johnathan
Global Moderator
Posts: 5856
Joined: Fri Dec 18, 2009 3:08 am
Contact:

Re: PHPMailer?

Post by Johnathan » Wed Dec 28, 2016 11:22 pm

Good point -- I'd do it, but Daniel removed extension moderators with the new site upgrade, and I'm not sure if he's planning on re-instating them. You should contact the OpenCart team about it, and ask them to disable those extensions, or at least post a comment on them warning people of the vulnerability.
Image
Image Image Image Image Image Image

gossamerLL
Posts: 21
Joined: Thu Jul 25, 2013 4:13 am

Re: PHPMailer?

Post by gossamerLL » Thu Dec 29, 2016 12:45 am

Thanks for the answers! Glad it's not a worry.

Post Reply

Return to “Security & Server”

Who is online

Users browsing this forum: No registered users and 8 guests