Description

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Remediation

References

CVE-2012-0796

Related Vulnerabilities

PHP Resource Management Errors Vulnerability (CVE-2011-1657)

MySQL CVE-2021-2481 Vulnerability (CVE-2021-2481)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Multiple Vulnerabilities (2.9.9)

Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2020-25630)

WordPress Plugin BuddyPress Docs Security Bypass (1.9.2)

Severity

Medium

Classification

CVE-2012-0796 CWE-94

Tags

Missing Update Known Vulnerabilities