CVE-2012-0796 - Witchy Asterisks

Description

class.phpmailer.php in the PHPMailer library as used in Moodle 1.9.x before 1.9.16 2.0.x before 2.0.7 2.1.x before 2.1.4 and 2.2.x before 2.2.1 and other products allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.

Reference

http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9 http://moodle.org/mod/forum/discuss.php?d=194015 https://bugzilla.redhat.com/show_bug.cgi?id=783532 http://www.debian.org/security/2012/dsa-2421