
Patch: PHPMailer security bug – affects various versions of Zen Cart

ANOTHER IMPORTANT NOTE FROM DRBYTE:

UPDATED WITH NEW PHPMailer 5.2.21 patch files

Patch instructions to update PHPMailer for various Zen Cart versions:

(I do recommend you make a complete backup of all your PHP files before you do the following patching. You should be making regular backups anyway!)

v1.5.5a, v155b, v155c: (simple update: just replace the PHPMailer files using the following zip) (“replace” means “remove old, replace with new”)
– unzip and upload the “PHPMailer” folder to /includes/classes/vendors/PHPMailer … replacing the existing folder there.
– Here’s the zip for v155/v155a/v155b/v155c: PHPMailer-5-2-21-for-includes-classes-vendors.zip

v1.3.9 to v1.5.4: (numerous additional files to replace in main “includes” folder, using the following zip)
– unzip the following file: New-PHPMailer-5-2-21-and-support-files-to-update-in-main-includes-folder.zip
– this will create numerous folders and files, which need to be uploaded to your server, replacing the existing files of the same name:
/includes/classes/vendors/PHPMailer/ (this will probably be a new folder for you)
/includes/classes/class.phpmailer.php (replace the old one)
/includes/classes/class.smtp.php (replace the old one)
/includes/functions/functions_email.php (replace the old one)
– you can delete the now-obsolete /includes/classes/support/ folder.

(NOTE: for a few hours this zip file had an extra /includes/functions_email.php file (not inside the “functions” folder) which should not have been present. The extra file can be deleted. The zip above is updated.)

v1.3.8 and older: (upgrade path unknown)
– It “may” be possible to use the zip for v139-v154 above, but this has NOT been tested on v138. You REALLY should be upgrading to a MODERN version of Zen Cart IMMEDIATELY!!!!
… or just upgrade to v1.5.5d
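
A post-patch check for the steps above, as an added example that is not from Zen Cart or the patch zips: it confirms the vendors folder holds PHPMailer 5.2.21 and flags the stray `/includes/functions_email.php` and the obsolete `/includes/classes/support/` folder. The function names are hypothetical, and it assumes PHPMailer 5.2.x declares its version as `public $Version = '…';` in a `class.phpmailer.php` somewhere under the vendors folder.

```shell
#!/bin/sh
# Post-patch check for a Zen Cart tree (added example, hypothetical names).
EXPECTED="5.2.21"   # PHPMailer version named in the post

# Print the PHPMailer version found under the vendors folder (empty if none).
# Assumption: PHPMailer 5.2.x declares it as  public $Version = 'x.y.z';
phpmailer_version() {
    dir="$1/includes/classes/vendors/PHPMailer"
    [ -d "$dir" ] || return 0
    find "$dir" -name 'class.phpmailer.php' -exec \
        sed -n "s/.*[\$]Version *= *'\([0-9.]*\)'.*/\1/p" {} + | head -n 1
}

# Print one line per leftover that the instructions say can be deleted.
leftovers() {
    [ -f "$1/includes/functions_email.php" ] && echo "stray: includes/functions_email.php"
    [ -d "$1/includes/classes/support" ] && echo "obsolete: includes/classes/support/"
    return 0
}

# Return 0 only if the expected version is installed and no leftovers remain.
# Treating leftovers as a failure is this example's choice, so they get cleaned up.
check_patch() {
    found=$(phpmailer_version "$1")
    status=0
    if [ "$found" != "$EXPECTED" ]; then
        echo "PHPMailer version: '${found:-not found}' (expected $EXPECTED)"
        status=1
    fi
    extra=$(leftovers "$1")
    if [ -n "$extra" ]; then echo "$extra"; status=1; fi
    [ "$status" -eq 0 ] && echo "OK: PHPMailer $EXPECTED, no leftover files"
    return "$status"
}

# Build a constructed sample tree (not real Zen Cart files) for a dry run.
make_sample_tree() {
    mkdir -p "$1/includes/classes/vendors/PHPMailer" "$1/includes/functions"
    printf "<?php\nclass PHPMailer {\n    public \$Version = '%s';\n}\n" "$2" \
        > "$1/includes/classes/vendors/PHPMailer/class.phpmailer.php"
}

# Usage: sh check_patch.sh /path/to/zencart   (script name is hypothetical)
if [ "$#" -gt 0 ]; then check_patch "$1"; fi
```

Run it against a local copy of the store's files after uploading the patch; a non-zero exit status means the version did not match or a leftover was found.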
