You may have noticed that CVE-2020-10033 came out yesterday, which discloses an Remote Code Execution (RCE) vulnerability in the PHPMailer library which is used by popular contrib modules like SMTP or PHPMailer.This is a highly critical vulnerability because Remote Code Execution means an attacker can run arbitrary code on your server!The Drupal maintenance support plans Security team just made a PSA today: DRUPAL-PSA-2020-004The real, full fix is to update the PHPMailer library to version 5.2.19 or later, or if you use the SMTP module version 7.x-1.5 or lower, to update to SMTP 7.x-1.6 (because SMTP 7.x-1.x embeds the library in the module).However, if you’re using Drupal maintenance support plans 6, you probably have an old version of PHPMailer (5.1 or lower), and newer versions may not be compatible with the code on your site (either custom or contrib). Attempting an update in the middle of the holidays when not everyone is available to test or deal with follow-up issues might not be the best idea.So, what we’re recommending (and what we’ve already done for our customers) is removing the vulnerable feature from the PHPMailer library.The vulnerability is in PHPMailer support for sending mail via the ‘sendmail’ command-line application. However, odds are you using PHPMailer exclusively for sending via SMTP (like the SMTP and PHPMailer modules do). So, you can just delete the code for that feature!Here’s how… Open the class.phpmailer.php file, and delete:
Source: New feed
Drupal maintenance support plans 6 workaround for the highly critical vulnerability in PHPMailer
Call Us: 1(800)730-2416
Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.
FREE Drupal SEO Audit
Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)
Drupal maintenance support plans 6 workaround for the highly critical vulnerability in PHPMailer
On-Site Drupal SEO Master Setup
We make sure your site is 100% optimized (and stays that way) for the best SEO results.
With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.
This service includes:
- Pathauto install and configuration for SEO-friendly URLs.
- Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
- Install and fix all issues on the SEO checklist module.
- Install and configure XML sitemap module and submit sitemaps.
- Install and configure Google Analytics Module.
- Install and configure Yoast.
- Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
- Install and configure Schema.org Metatag.
- Configure robots.txt.
- Google Search Console setup snd configuration.
- Find & Fix H1 tags.
- Find and fix duplicate/missing meta descriptions.
- Find and fix duplicate title tags.
- Improve title, meta tags, and site descriptions.
- Optimize images for better search engine optimization. Automate where possible.
- Find and fix the missing alt and title tag for all images. Automate where possible.
- The project takes 1 week to complete.
