Description

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Remediation

References

CVE-2012-0796

Related Vulnerabilities

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2582)

WordPress Plugin Shortcode for Font Awesome Cross-Site Scripting (1.4)

WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.2.7)

WordPress Plugin Variation Swatches for WooCommerce Cross-Site Scripting (1.0.61)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.21)

Severity

Medium

Classification

CVE-2012-0796 CWE-94

Tags

Missing Update Known Vulnerabilities