CVE-2012-0796

PHPMailer (as used in Moodle <2.2.1) - E-mail Header Injection


Description

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

References (4)

Core References
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=194015
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2421
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=783532

Scores

EPSS 0.0019
EPSS Percentile 41.1%

Details

CWE CWE-94
Status published
Products (28)
moodle/moodle 1.9.1
moodle/moodle 1.9.2
moodle/moodle 1.9.3
moodle/moodle 1.9.4
moodle/moodle 1.9.5
moodle/moodle 1.9.6
moodle/moodle 1.9.7
moodle/moodle 1.9.8
moodle/moodle 1.9.9
moodle/moodle 1.9.10
... and 18 more
Published Jul 17, 2012
Tracked Since Feb 18, 2026