Description

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Remediation

References

CVE-2012-0796

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2021-33193)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35615)

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)

WordPress Plugin My Site Audit Cross-Site Scripting (1.2.4)

WordPress Plugin InBoundio Marketing Arbitrary File Upload (2.0.3)

Severity

Medium

Classification

CVE-2012-0796 CWE-94

Tags

Missing Update Known Vulnerabilities