Description
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2021-33193)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35615)
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
WordPress Plugin My Site Audit Cross-Site Scripting (1.2.4)
WordPress Plugin InBoundio Marketing Arbitrary File Upload (2.0.3)