[20170401] – Core – Information Disclosure

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: Information Disclosure
  • Reported Date: 2017-Jan-02
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7983

Description

Mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Conor McKnight

Leave a Comment