New Vulnerability Could Allow Access To Your Website

January 11, 2017 | March 1st, 2023 | Cybersecurity

Hardly a week goes by that a new exploit or attack vector doesn’t come to light that your IT staff has to try to defend against.

The most recent threat comes from a vulnerability in the PHPMailer library, which is code used by most of the websites in existence today to help manage the sending of emails.

If you have a website for your business, then it’s almost certain that you have a form your customers can use to reach out to you. If you do, then odds are good that you’re using code from the PHPMailer library, regardless of whether you’re aware of it.

This particular threat has a bit of a story behind it because it was first uncovered a couple of months ago by a security researcher named Dawid Golunski.

In response to his discovery, a patch was released (PHPMailer 5.2.18), but it was later found that the patch was incomplete. Hackers could bypass the patched portion of the code and execute the exploit anyway. A new patch is being readied in response.

In terms of risk, this vulnerability isn’t as severe as others we’ve seen in recent months because its exact impact depends in large part on how your website’s mail function is configured.

There’s good news on that front. If you used a CMS (Content Management System) like Joomla or WordPress to build your business site, then the odds of this issue having any notable impact are quite low, because in their default settings, those platforms bypass the vulnerable parts of the code.

Nonetheless, the risk is quite real, and if a hacker uses this exploit successfully against you, he could gain almost total control of your website. The hacker could infect the server your website is on, displaying ads with poisoned images or links to malware that will make life miserable for your customers.

Make sure your staff is aware of the potential problem, and be on the lookout for the latest patch!
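One way to act on this is to inventory the PHPMailer copies bundled into your sites and flag any at or below 5.2.18, the release described above as incompletely patched. This is an added example, not code from this article or from the PHPMailer project; the file names searched, the version-declaration patterns and the sample web root are assumptions or constructed data.

```python
import re
import tempfile
from pathlib import Path

# Per the article, 5.2.18 was an incomplete patch, so it and anything older is flagged.
LAST_KNOWN_AFFECTED = (5, 2, 18)
# Assumed declarations: 5.x uses `public $Version = '5.2.18';`, 6.x `const VERSION = '...';`.
VERSION_RE = re.compile(r"""(?:\$Version|const\s+VERSION)\s*=\s*['"](\d+(?:\.\d+)+)['"]""")
CANDIDATE_FILES = {"class.phpmailer.php", "phpmailer.php"}

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if none is declared."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.group(1).split(".")) if match else None

def scan(root):
    """Return sorted (relative_path, version, flagged) for each PHPMailer copy under root."""
    findings = []
    for path in Path(root).rglob("*.php"):
        if path.name.lower() not in CANDIDATE_FILES:
            continue
        version = parse_version(path.read_text(encoding="utf-8", errors="replace"))
        # A copy whose version cannot be read is flagged for manual review, not assumed safe.
        flagged = version is None or version <= LAST_KNOWN_AFFECTED
        findings.append((path.relative_to(root).as_posix(), version, flagged))
    return sorted(findings, key=lambda finding: finding[0])

def demo():
    """Scan a constructed web root holding four bundled copies (sample data, not real)."""
    samples = {
        "contact/lib/class.phpmailer.php": "class PHPMailer {\n    public $Version = '5.2.16';\n",
        "shop/vendor/class.phpmailer.php": "class PHPMailer {\n    public $Version = '5.2.18';\n",
        "blog/inc/PHPMailer.php": "class PHPMailer {\n    const VERSION = '6.0.1';\n",
        "old/class.phpmailer.php": "<?php // version line removed from this copy\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan(root)

if __name__ == "__main__":
    for rel, version, flagged in demo():
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"{'REVIEW' if flagged else 'newer':6} {shown:8} {rel}")
```

A copy reported as `newer` is only newer than 5.2.18; it still needs to be compared against the latest release once the follow-up patch is published.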

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. Having been in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.