CVE-2012-0796

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Published: Jul 17, 2012
Updated: May 9, 2024
CVE: CVE-2012-0796
GHSA: GHSA-398j-f7m7-795j
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
moodle / moodle	1.9.4	1.9.4.x
moodle / moodle	1.9.1	1.9.1.x
moodle / moodle	1.9.6	1.9.6.x
moodle / moodle	1.9.9	1.9.9.x
moodle / moodle	1.9.11	1.9.11.x
moodle / moodle	1.9.2	1.9.2.x
moodle / moodle	1.9.12	1.9.12.x
moodle / moodle	1.9.10	1.9.10.x
moodle / moodle	1.9.3	1.9.3.x
moodle / moodle	1.9.13	1.9.13.x
moodle / moodle	1.9.5	1.9.5.x
moodle / moodle	1.9.14	1.9.14.x
moodle / moodle	1.9.15	1.9.15.x
moodle / moodle	1.9.8	1.9.8.x
moodle / moodle	1.9.7	1.9.7.x
moodle / moodle	2.0.2	2.0.2.x
moodle / moodle	2.0.1	2.0.1.x
moodle / moodle	2.0.4	2.0.4.x
moodle / moodle	2.0.3	2.0.3.x
moodle / moodle	2.0.6	2.0.6.x
moodle / moodle	2.0.5	2.0.5.x
moodle / moodle	2.0.0	2.0.0.x
moodle / moodle	2.1.2	2.1.2.x
moodle / moodle	2.1.1	2.1.1.x
moodle / moodle	2.1.3	2.1.3.x
moodle / moodle	2.1.0	2.1.0.x
moodle / moodle	2.2.0	2.2.0.x
phpmailer / phpmailer	-	2.2.1

Vulnerability Database

289,782

CVE-2012-0796