Headline
CVE-2012-0796
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.
Related news
### Impact Arbitrary additional email headers can be injected via crafted From or Sender headers. ### Patches Fixed in 2.2.1 ### Workarounds Filter user-supplied values prior to using them in From or Sender properties. ### References https://nvd.nist.gov/vuln/detail/CVE-2012-0796 ### For more information If you have any questions or comments about this advisory: * Open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer)