Topic: | Header injection in PHPMailer library |
Severity: | Serious |
Versions affected: | 2.2, 2.1 to 2.1.3+, 2.0 to 2.0.6+, 1.9 to 1.9.15+ |
Reported by: | Simon Coggins |
Issue no.: | MDL-30575 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9 |
Description:
It was possible to inject additional information into email headers, such as additional addresses.