{"id":"CVE-2016-5013","details":"In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.","aliases":["GHSA-2hh3-jmv8-5fmx"],"modified":"2026-07-08T12:53:11.171701Z","published":"2017-01-20T08:59:00.220Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92040"},{"type":"FIX","url":"https://moodle.org/mod/forum/discuss.php?d=336698"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moodle/moodle","events":[{"introduced":"0"},{"last_affected":"fb8bd4eefe89b92a429a29c593d8530c71694210"},{"introduced":"21db825b19e84bb24c0661b551a5069970e143c4"},{"last_affected":"268abfacc54c4cbf9722c1502569b311c7caefff"}],"database_specific":{"cpe":["cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*"],"source":["CPE_RANGE","CPE_STRING"],"extracted_events":[{"introduced":"0"},{"last_affected":"2.7.14"},{"introduced":"2.8.0"},{"last_affected":"2.8.0"},{"introduced":"2.8.1"},{"last_affected":"2.8.1"},{"introduced":"2.8.2"},{"last_affected":"2.8.2"},{"introduced":"2.8.3"},{"last_affected":"2.8.3"},{"introduced":"2.8.4"},{"last_affected":"2.8.4"},{"introduced":"2.8.5"},{"last_affected":"2.8.5"},{"introduced":"2.8.6"},{"last_affected":"2.8.6"},{"introduced":"2.8.7"},{"last_affected":"2.8.7"},{"introduced":"2.8.8"},{"last_affected":"2.8.8"},{"introduced":"2.8.9"},{"last_affected":"2.8.9"},{"introduced":"2.8.10"},{"last_affected":"2.8.10"},{"introduced":"2.8.11"},{"last_affected":"2.8.11"},{"introduced":"2.8.12"},{"last_affected":"2.8.12"},{"introduced":"2.9.0"},{"last_affected":"2.9.0"},{"introduced":"2.9.1"},{"last_affected":"2.9.1"},{"introduced":"2.9.2"},{"last_affected":"2.9.2"},{"introduced":"2.9.3"},{"last_affected":"2.9.3"},{"introduced":"2.9.4"},{"last_affected":"2.9.4"},{"introduced":"2.9.5"},{"last_affected":"2.9.5"},{"introduced":"2.9.6"},{"last_affected":"2.9.6"},{"introduced":"3.0.0"},{"last_affected":"3.0.0"},{"introduced":"3.0.1"},{"last_affected":"3.0.1"},{"introduced":"3.0.2"},{"last_affected":"3.0.2"},{"introduced":"3.0.3"},{"last_affected":"3.0.3"},{"introduced":"3.0.4"},{"last_affected":"3.0.4"},{"introduced":"3.1.0"},{"last_affected":"3.1.0"}]}}],"versions":["2.8.0","2.8.1","2.8.10","2.8.11","2.8.12","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","2.9.0","2.9.1","2.9.2","2.9.3","2.9.4","2.9.5","2.9.6","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0","v2.7.14","v3.1.0-beta","v3.1.0","v3.1.0-rc2","v3.1.0-rc1","v2.7.13","v2.7.12","v3.0.0-rc3","v3.0.0","v3.0.0-rc4","v3.0.0-rc2","v3.0.0-rc1","v3.0.0-beta","v2.7.10","v2.7.9","v2.7.8","v2.9.0","v2.9.0-rc2","v2.9.0-rc1","v2.9.0-beta","v2.7.5","v2.7.7","v2.7.6","v2.7.4","v2.8.0","v2.7.3","v2.7.2","v2.7.1","v2.7.0","v2.7.0-rc2","v2.7.0-rc1","v2.7.0-beta","v2.6.0","v2.6.0-rc1","v2.6.0-beta","v2.5.0","v2.5.0-rc1","v2.5.0-beta","v2.4.0-beta","v2.4.0-rc1","v2.4.0","v2.3.0","v2.3.0-rc1","v2.3.0-beta","v2.2.0","v2.2.0-rc1","v2.2.0-beta","v2.1.0","v2.0.1","v2.0.0","v2.0.0-rc2","v2.0.0-rc1","v1.3.0","v1.2.1","v1.2.0","v1.1.1","v1.1.0","v1.0.9","v1.0.8","v1.0.7","v1.0.6","v1.0.5","v1.0.4","v1.0.3","v1.0.2","v1.0.1","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5013.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}