4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
51.7%
Arbitrary additional email headers can be injected via crafted From or Sender headers.
Fixed in 2.2.1
Filter user-supplied values prior to using them in From or Sender properties.
https://nvd.nist.gov/vuln/detail/CVE-2012-0796
If you have any questions or comments about this advisory:
moodle.org/mod/forum/discuss.php?d=194015
www.debian.org/security/2012/dsa-2421
bugzilla.redhat.com/show_bug.cgi?id=783532
git.moodle.org/gw?p=moodle.git&a=commit&h=62988bf0bbc73df655f51884aaf1f523928abff9
github.com/PHPMailer/PHPMailer
github.com/PHPMailer/PHPMailer/security/advisories/GHSA-398j-f7m7-795j
nvd.nist.gov/vuln/detail/CVE-2012-0796