To secure your PHP email forms against these types of exploits, follow these standards:
file in a web-accessible directory. They would then send a message body containing a PHP payload (like
tags into name or message fields. If the PHP script echoes this data back to a page without using htmlspecialchars() , the script executes in the user's browser. 2. The "v3.1" Confusion: PHPMailer RCE (CVE-2016-10033)
To secure your PHP email forms against these types of exploits, follow these standards:
file in a web-accessible directory. They would then send a message body containing a PHP payload (like php email form validation - v3.1 exploit
tags into name or message fields. If the PHP script echoes this data back to a page without using htmlspecialchars() , the script executes in the user's browser. 2. The "v3.1" Confusion: PHPMailer RCE (CVE-2016-10033) To secure your PHP email forms against these