Description
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.
Remediation
References
Related Vulnerabilities
Python Off-by-one Error Vulnerability (CVE-2007-2052)
concrete5 Improper Input Validation Vulnerability (CVE-2017-18195)
Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21696 )
WordPress Plugin RBX Gallery 'uploader.php' Arbitrary File Upload (2.1)
WordPress Plugin View All Post's Pages Cross-Site Scripting (0.9)