Description

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Remediation

References

CVE-2012-0796

Related Vulnerabilities

PHP-Fusion CVE-2020-35952 Vulnerability (CVE-2020-35952)

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-0285)

Apache HTTP Server Other Vulnerability (CVE-2004-0493)

Drupal Core 8.5.x Cross-Site Scripting (8.5.0 - 8.5.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4632)

Severity

Medium

Classification

CVE-2012-0796 CWE-94

Tags

Missing Update Known Vulnerabilities