Moodle CVE-2016-10045 Command Injection Vulnerability
Description
Security vulnerability was reported against PHPMailer, third party library used by Moodle. As a result Moodle improved validation of no-reply address (that can only be configured by admin), all other fields were already properly sanitized. This issue only affect sites that leave $CFG->smtphosts empty.
Affected Applications
Moodle