Security Announcements

MSA-12-0007: Email injection prevention

 
 
My ugly mug
MSA-12-0007: Email injection prevention
 
Topic: Header injection in PHPMailer library
Severity: Serious
Versions affected: 2.2, 2.1 to 2.1.3+, 2.0 to 2.0.6+, 1.9 to 1.9.15+
Reported by: Simon Coggins
Issue no.: MDL-30575
Changes (master): http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9

Description:

It was possible to inject additional information into email headers, such as additional addresses.