Critical security patch v8.5.0 – check your websites now

Maintaining a safe environment for your website and campaigns is of critical importance, and the security of your email marketing tool is our first priority. We’ve proactively addressed a crucial concern regarding the templates thumbnail generator. This vulnerability, present since version 6.7.0 and up to version 8.4.6, has been effectively mitigated in version 8.5.0, ensuring the integrity of your email campaigns tool. We encourage prompt updates to benefit from this protection.

We have received the help of David Jardin, head of the Joomla security team, and Sigrid Gramlinger, Joomla release team lead.

Vulnerability Addressed:

Unauthorized file creation: This vulnerability could allow the creation of malicious PHP files through our templates thumbnail generator. Once created, these files can provide an attacker full access to your website including all Joomla files, database credentials in the configuration.php file and your database content including user rows. This issue has been addressed to prevent the use of this vulnerability.

How to update?

To update to the latest version of AcyMailing and benefit from this security patch, you can use the extensions update page on Joomla websites. You can also manually download the latest version from your account page (click the “Download” button once logged in on our website to be taken to your download area) then install this new version like any new extension: it will update AcyMailing if it is already installed on your website.

Are you impacted?

Once you’ve updated AcyMailing to its latest version, we urge you to look for files named thumbnail_*.php (e.g. thumbnail_999.png?.php) on your websites. Common attack patterns have written those files to media/com_acym/images/thumbnails; however, these files could have been created in other folders.
If you come across a similarly named file, don’t open it: use FTP or SSH to remove it.

  • The most common locations (XXX are random letters – the date of those files might be older than May) may be:
  • We are preparing a script to scan your site files and automatically detect the ones created through the vulnerability. It can be found on this forum thread for now.
  • If you find an infected file, note its creation date and check the files having the same creation date.
  • Look for files containing “$_COOKIE” as common attack patterns have used it to try to get cookie values.
  • If you find malicious files, it is best to change your database password and FTP/SMTP accounts passwords (if they are configured in the global Joomla configuration page).
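The checks above, combined into one scan, as an added example (not the scanner AcyMailing is preparing): it walks a site root, reports files named thumbnail_*.php wherever they sit, lists other files modified on the same day as each hit, and flags PHP files containing the literal $_COOKIE. It assumes the site root is passed on the command line and uses modification time, since most filesystems do not expose a creation time.

```python
"""Scan a Joomla site root for the indicators listed in the AcyMailing 8.5.0 advisory.

Added example, not AcyMailing's own scanner. Function names and the use of
mtime in place of "creation date" are this example's own choices.
"""
import fnmatch
import os
from datetime import datetime

THUMBNAIL_PATTERN = "thumbnail_*.php"   # also matches names like thumbnail_999.png?.php
COOKIE_MARKER = b"$_COOKIE"              # literal string the advisory says to look for


def _walk_files(root):
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)


def _mtime_day(path):
    return datetime.fromtimestamp(os.path.getmtime(path)).date()


def find_thumbnail_php(root):
    """Files matching thumbnail_*.php in any folder, not only media/com_acym/images/thumbnails."""
    return sorted(p for p in _walk_files(root)
                  if fnmatch.fnmatch(os.path.basename(p), THUMBNAIL_PATTERN))


def find_same_day(root, suspicious):
    """Other files whose modification time falls on the same calendar day as the suspicious file."""
    day = _mtime_day(suspicious)
    return sorted(p for p in _walk_files(root)
                  if p != suspicious and _mtime_day(p) == day)


def find_cookie_readers(root):
    """PHP files containing $_COOKIE; legitimate code can match too, so review each hit by hand."""
    hits = []
    for p in _walk_files(root):
        if p.endswith(".php"):
            with open(p, "rb") as fh:
                if COOKIE_MARKER in fh.read():
                    hits.append(p)
    return sorted(hits)


def scan(root):
    thumbs = find_thumbnail_php(root)
    return {"thumbnail_php": thumbs,
            "same_day": {t: find_same_day(root, t) for t in thumbs},
            "cookie_readers": find_cookie_readers(root)}


if __name__ == "__main__":
    import json, sys
    print(json.dumps(scan(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it as `python scan.py /path/to/joomla` and review every reported path over FTP or SSH before deleting anything.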

Our Security Pledge:

Rest assured that your security and the dependability of AcyMailing constitute our steadfast commitment. We encourage you to remain vigilant by consistently updating your AcyMailing installation to the latest security advancements and features.
