Skip to main content

New Vulnerability Could Allow Access To Your Website

By January 11, 2017March 1st, 2023Cybersecurity

newxvulnerabilityHardly a week goes by that a new exploit or attack vector doesn’t come to light that your IT staff has to try to defend against.

The most recent threat comes from a vulnerability in the PHP Mailer Library, which is code used by most of the websites in existence today to help manage the sending of emails.
If you have a website for your business, then it’s almost certain that you have a form your customers can use to reach out to you. If you do, then odds are good that you’re using code from the PHP Mailer Library regardless of it you’re aware of it.

This particular threat has a bit of a story behind it because it was first uncovered a couple of months ago by a security researcher named Dawid Golunski.

In response to his discovery, a patch was released (PHPMailer 5.2.18), but it was later found that the patch was incomplete. Hackers could bypass the patched portion of the code and execute the exploit anyway. A new patch is being readied in response.

In terms of risk, this vulnerability isn’t as severe as others we’ve seen in recent months because its exact impact depends in large part on how your website’s mail function is configured.

There’s good news on that front. If you used a CMS (Content Management System) like Joomla or WordPress to build your business site, then the odds of this issue having any notable impact are quite low, because in their default settings, those platforms bypass the vulnerable parts of the code.

Nonetheless, the risk is quite real, and if a hacker uses this exploit successfully against you, he could gain almost total control of your website. The hacker could infect the server your website is on, displaying ads with poisoned images or links to malware that will make life miserable for your customers.

Make sure your staff is aware of the potential problem, and be on the lookout for the latest patch!

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.