In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.Referenceshttps://moodle.org/mod/forum/discuss.php?d=336698http://www.securityfocus.com/bid/92040
