4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
Moodle is vulnerable to header injection attacks. These attacks are possible due to the way Moodle uses PHPMailer. It allows remote authenticated users to inject email headers using the From:
and Sender:
headers.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 1.9.15 | |
moodle/moodle | le | 2.0.6 | |
moodle/moodle | le | 2.2.0 | |
moodle/moodle | le | 2.1.3 | |
moodle/moodle | le | 1.9.15 | |
moodle/moodle | le | 2.0.6 | |
moodle/moodle | le | 2.2.0 | |
moodle/moodle | le | 2.1.3 |
git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=62988bf0bbc73df655f51884aaf1f523928abff9
git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9
moodle.org/mod/forum/discuss.php?d=194015
www.debian.org/security/2012/dsa-2421
bugzilla.redhat.com/show_bug.cgi?id=783532
git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9
moodle.org/mod/forum/discuss.php?d=194015