CVE-2012-0796

Published: Jul 17, 2012Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Affected (27)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 1.9.10
Moodle Moodle	Version 1.9.11
Moodle Moodle	Version 1.9.12
Moodle Moodle	Version 1.9.13
Moodle Moodle	Version 1.9.14
Moodle Moodle	Version 1.9.15
Moodle Moodle	Version 1.9.1
Moodle Moodle	Version 1.9.2
Moodle Moodle	Version 1.9.3
Moodle Moodle	Version 1.9.4
Moodle Moodle	Version 1.9.5
Moodle Moodle	Version 1.9.6
Moodle Moodle	Version 1.9.7
Moodle Moodle	Version 1.9.8
Moodle Moodle	Version 1.9.9

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 2.0.0
Moodle Moodle	Version 2.0.1
Moodle Moodle	Version 2.0.2
Moodle Moodle	Version 2.0.3
Moodle Moodle	Version 2.0.4
Moodle Moodle	Version 2.0.5
Moodle Moodle	Version 2.0.6