Moodle CVE-2016-10045 Command Injection Vulnerability

description-logoDescription

Security vulnerability was reported against PHPMailer, third party library used by Moodle. As a result Moodle improved validation of no-reply address (that can only be configured by admin), all other fields were already properly sanitized. This issue only affect sites that leave $CFG->smtphosts empty.

affected-products-logoAffected Applications

Moodle

CVE References

CVE-2016-10045