Support Forum

Every time that you post a problem, PLEASE add the Joomla and the extension's versions and revisions (for example: Joomla 3.3.6, Contact Enhanced 3.3.5), PHP version and Server's Operating System. If you only manage only one site it is easier if you edit your profile and just add that information to your signature. Don't forget to add a detailed description of the problem. If possible, write down all steps to simulate the problem.

Before submitting a new post, PLEASE make sure you are running the latest version, test in different browsers (IE, FF, Chrome,..) and clear Joomla and browser's cache after every change you make.

Also, most questions are already answered in our FAQ and in iFAQ and Contact Enhanced documentation pages.

Regarding PHPmailer vulnerability

7 years 2 months ago #22815 by bbrained
Good afternoon,

I just received an email regarding a possible vulnerability in the PHPmailer system. Does you AjaxContact contain it's own PHPmailer script or does it send email relying on the Joomla server setting. Thank you.

Here is the quote from the hosting company
................................
We have identified your account (khanna-law.com) as containing a serious vulnerability with PHPMailer allowing attackers to eavesdrop on communications, steal data, and impersonate users if it goes unaddressed. More information on this vaulnerability can be found here: threatpost.com/phpmailer-bug-l...ebsites-open-to-attack/122775/


NOTE: THIS IS NOT A GENERAL EMAIL, THIS CODE HAS BEEN FOUND ON YOUR SITE !!!

................................

Regards,
Bryon

Please Log in or Create an account to join the conversation.

7 years 2 months ago #22816 by support
Dear Bryon,

All our extensions use the PHPMailer included in Joomla and we use Joomla framework to send the emails. After analysis, the JSST has determined that through correct use of the JMail class, there are additional validations in place which make executing this vulnerability impractical within the Joomla environment. All our extensions use the JMail class correctly, so you don'y need to worry about this issue.

PS: There's no subscription linked to your account. Is this a pre-sales question? Are you planning to purchase Ajax Contact?

Best regards,

Please Log in or Create an account to join the conversation.

7 years 2 months ago #22817 by bbrained
Thank you,

I will pass along the information. I could not find my original subscription credentials for it had been some time (the subscription was attached to a AjaxContact 1.6 version running on Joomla 1.6.5) and required an answer to my question. Thank you for the quick response.

Regards,
Bryon

Please Log in or Create an account to join the conversation.

Powered by Kunena Forum

Copyright © 2018 IdealExtensions.com. All Rights Reserved.

This site is not affiliated with or endorsed by the Joomla!™ Project. It is not supported or warranted by the Joomla!™ Project or Open Source Matters™. The Joomla!™ logo is used under a limited license granted by Open Source Matters™, the trademark holder in the United States and other countries.
We may collect your IP address and your browser's User Agent string while using our site for security reasons and deriving aggregate information (analytics). This information is retained for a minimum of 1 and a maximum of 24 months.
Feedback