[VIM] CS-Cart issue maybe PHPMailer?

Steven M. Christey coley at linus.mitre.org
Mon Jun 5 23:42:25 EDT 2006


Might not be PHPMailer.  Just downloaded phpmailer from that URL and
grepped for classes_dir - no go.  So this might be an
interface/integration issue (speaking of which, is anybody else sick of
integration issues yet? I have a feeling it's gonna get worse).

Anyway, since you emailed the PHPMailer people I figured I'd send an
inquiry to the CS-Cart people at http://www.cs-cart.com/contact.php .
Stay tuned.

- Steve



On Mon, 5 Jun 2006, security curmudgeon wrote:

>
> http://milw0rm.com/exploits/1872
>
> The example url:
> /[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]
>
>
> Looking at the PHPMailer package (http://phpmailer.sourceforge.net/), we
> see it has "class.phpmailer.php" in it. It is likely CS-Cart utilizes the
> free PHPMailer package and the vulnerability lies in it. I am contacting
> Brent Matzelle to ask.
>

