Description

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Remediation

References

CVE-2012-0796

Related Vulnerabilities

WordPress Plugin Manual Image Crop Cross-Site Scripting (1.10)

MySQL CVE-2013-5770 Vulnerability (CVE-2013-5770)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)

Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)

WordPress Plugin Mingle Forum Multiple Vulnerabilities (1.0.33.3)

Severity

Medium

Classification

CVE-2012-0796 CWE-94

Tags

Missing Update Known Vulnerabilities