Does OC 2 use PHPMailer?
https://www.wordfence.com/blog/2016/12/ ... dium=email
If you are using PHPMailer older than 5.2.18 in your own PHP applications, themes or plugins, please upgrade to PHPMailer 5.2.18 or newer immediately.
If you are a WordPress theme or plugin developer and have included your own copy of PHPMailer in your plugin or theme code, you need to update to PHPMailer 5.2.18 or newer immediately and release a fix to your customers.
I know this announcement is related to WordPress, but I was thinking that PHPMailer is probably used in OC as well?
As far as I'm concerned, OC 2 uses its own Mail class. It's in system/library folder.
Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
While OpenCart native does not use phpMailer, I know some who do.Johnathan wrote:No, OpenCart does not use PhpMailer. This vulnerability does not affect it.
And there are some extensions offering phpMailer:
https://www.opencart.com/index.php?rout ... ch=phpmail
And ALL of them are using the old unsecure code!
Therefore these extensions should be disabled!
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
Good point -- I'd do it, but Daniel removed extension moderators with the new site upgrade, and I'm not sure if he's planning on re-instating them. You should contact the OpenCart team about it, and ask them to disable those extensions, or at least post a comment on them warning people of the vulnerability.
Who is online
Users browsing this forum: No registered users and 46 guests