Susan Posted June 11, 2018 Posted June 11, 2018 Hi Is there a patch or some other form of solution to update the outdated phpmailer version that CubeCart version 6 is using Thanks Susan Quote
bsmither Posted June 11, 2018 Posted June 11, 2018 (edited) I believe the PHPMailer is a stand-alone library. Meaning, it can be swapped out with a later version if you so desire. (Rename phpMailer folder to something else, FTP whatever version you want to a folder with the name phpMailer. This is in the /classes/ folder.) I recall a more recent version of PHPMailer coming with recent versions of CC6.1.x and CC6.2. Edited June 11, 2018 by bsmither Quote
Susan Posted June 11, 2018 Author Posted June 11, 2018 Version 6.2 still has the old version of phpmailer and it is not just swappable- the code files in the phpmailer folder need tweaking- this is documented doesn't anyone else care about the exploitable version in cubecart? There should be a patch or fix issued by cubecart that is compatible with the cart Quote
bsmither Posted June 11, 2018 Posted June 11, 2018 According to this issue in the Github (https://github.com/cubecart/v6/issues/1429), PHPMailer is up to 5.2.21 as of CubeCart releases made after Dec 2016. I will do some research. Ok, PHPMailer is up to 5.2.26 which fixes a couple of CVEs, and 6.0.5 which is the supported series. Quote
bsmither Posted June 11, 2018 Posted June 11, 2018 (edited) I compared PHPMailer 5.2.21 (fresh from their Github repository) with CC620's inclusion of PHPMailer 5.2.21. Nothing in CC's files are different than the files fresh from the repository. I will post an issue in CubeCart's Github to get PHPMailer 5.2.26, with an advisory to get PHPMailer 6.0 series and make compatible CubeCart's Mailer class. Edited June 11, 2018 by bsmither Quote
Susan Posted June 11, 2018 Author Posted June 11, 2018 a compatible update with PHPMailer 6.0 series and cubecart would be great! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.