[VIM] CS-Cart issue maybe PHPMailer?

security curmudgeon jericho at attrition.org
Mon Jun 5 17:03:58 EDT 2006


http://milw0rm.com/exploits/1872

The example url:
/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]


Looking at the PHPMailer package (http://phpmailer.sourceforge.net/), we 
see it has "class.phpmailer.php" in it. It is likely CS-Cart utilizes the 
free PHPMailer package and the vulnerability lies in it. I am contacting 
Brent Matzelle to ask.


More information about the VIM mailing list