Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2012-0796 - Vulnerability Database
Moodle

Moodle Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2012-0796

Medium
Reference: CVE-2012-0796
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-0796
Title: Moodle Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

class.phpmailer.php in the PHPMailer library as used in Moodle 1.9.x before 1.9.16 2.0.x before 2.0.7 2.1.x before 2.1.4 and 2.2.x before 2.2.1 and other products allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.