A report was submitted to the Mantis team this week describing a vulnerability in the PHPMailer class. This class is used by Mantis to send notification emails for issue updates.<br /> <br /> The exploit takes advantage of a hole in how PHP implements the internal interface to the sendmail MTA. The setting for the sender address can be used to gain access to system resources. This exploit is described in <a href="http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/">http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/</a> [<a href="http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/" target="_blank">^</a>] and <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215</a> [<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215" target="_blank">^</a>] .<br /> <br /> After reviewing the Mantis code, we determined that this vulnerability does not affect the operation of the tool. We read the sender address from configuration data. To use this exploit, someone would require administrator level access and/or direct access to the database. The probability of exploit is very low. A small patch will be added in the next release to prevent the problem completely.<br /> <br /> In general, we recommend using the SMTP mode, rather than sendmail, rather than the local sendmail implementation. Most platforms, (Windows, especially), have problems with the internal PHP implementation of the sendmail. The PHPMailer implementation of SMTP is more robust and slightly faster.

The Unified Web Evaluation Methodology (UWEM) is the result of a joint effort by 23 European organisations in three European projects combined in a cluster to develop a harmonized methodology for evaluating the accessibility of web sites. UWEM defines a sampling method, tests to check conformance against WCAG 1.0 checkpoints (priority 1 and 2), an aggregation method for test results, and templates for reporting the results.