PHPMailer 0day.

Published on: 1181639477
Thor Larholm has discovered a flaw in PHPMailer where formatted strings are not sanitized. PHPMailer is a PHP class that is used in tons of software packages, even WordPress and Joomla. The vulnerability allows injecting shell code to perform system calls. This shows again how dangerous it is to use third-party classes: millions of websites are now affected. I hope this is another lesson learned: formatted strings do not protect you. Pow!
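
The closing lesson, as an added example (not PHPMailer's code and not from the original post): a hypothetical sendmail-style command line built with `sprintf()`, beside a hardened version. The function names, the `/usr/sbin/sendmail` path and the sample sender values are assumptions constructed for illustration; nothing is executed.

```php
<?php
// Added illustration; not PHPMailer's code. Names, path and samples are assumed.
const SENDMAIL = '/usr/sbin/sendmail'; // fixed configuration, never user input

// Weak form: sprintf() only substitutes text. It does not know the result
// will be parsed by a shell, so metacharacters in $sender pass straight through.
function build_command_unsafe(string $sender): string
{
    return sprintf('%s -f %s', SENDMAIL, $sender);
}

// Hardened form: validate the value as an e-mail address first, then quote it
// as one shell argument before it reaches the format string.
function build_command_safe(string $sender): string
{
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('sender is not a valid address');
    }
    return sprintf('%s -f %s', SENDMAIL, escapeshellarg($sender));
}

// Constructed sample inputs: one ordinary address, one carrying a shell
// command separator followed by a harmless marker command.
$samples = [
    'alice@example.com',
    'alice@example.com; echo INJECTED',
];

foreach ($samples as $sender) {
    echo "input : {$sender}\n";
    // The unsafe string would be split into two commands by a shell.
    echo 'unsafe: ', build_command_unsafe($sender), "\n";
    // Quoting alone keeps the whole value inside a single argument.
    echo 'quoted: ', escapeshellarg($sender), "\n";
    try {
        echo 'safe  : ', build_command_safe($sender), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'safe  : rejected (', $e->getMessage(), ")\n";
    }
    echo "\n";
}
```

The strings are only printed so the difference is visible; in real code the safer design is to avoid the shell entirely and pass arguments as an array to a process API.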