Lucene search

[email protected]CVE-2011-4118

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4118

2022-10-0316:15:14

CWE-264

[email protected]

web.nvd.nist.gov

mahara

cve-2011-4118

mnet

moodle network

xmlrpc

remote privilege escalation

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.

Affected configurations

NVD

Node

maharamaharaRange≤1.4.0

maharamaharaMatch0.9.0

maharamaharaMatch0.9.1

maharamaharaMatch0.9.2

maharamaharaMatch1.0.0

maharamaharaMatch1.0.1

maharamaharaMatch1.0.2

maharamaharaMatch1.0.3

maharamaharaMatch1.0.4

maharamaharaMatch1.0.5

maharamaharaMatch1.0.6

maharamaharaMatch1.0.7

maharamaharaMatch1.0.8

maharamaharaMatch1.0.9

maharamaharaMatch1.0.10

maharamaharaMatch1.0.11

maharamaharaMatch1.0.12

maharamaharaMatch1.0.13

maharamaharaMatch1.0.14

maharamaharaMatch1.0.15

maharamaharaMatch1.1

maharamaharaMatch1.1.0

maharamaharaMatch1.1.0alpha1

maharamaharaMatch1.1.0alpha2

maharamaharaMatch1.1.0alpha3

maharamaharaMatch1.1.0beta1

maharamaharaMatch1.1.0beta2

maharamaharaMatch1.1.0beta3

maharamaharaMatch1.1.0beta4

maharamaharaMatch1.1.0rc1

maharamaharaMatch1.1.0rc2

maharamaharaMatch1.1.1

maharamaharaMatch1.1.2

maharamaharaMatch1.1.3

maharamaharaMatch1.1.4

maharamaharaMatch1.1.5

maharamaharaMatch1.1.6

maharamaharaMatch1.1.7

maharamaharaMatch1.1.8

maharamaharaMatch1.1.9

maharamaharaMatch1.2.0

maharamaharaMatch1.2.0alpha1

maharamaharaMatch1.2.0alpha2

maharamaharaMatch1.2.0alpha3

maharamaharaMatch1.2.0beta1

maharamaharaMatch1.2.0beta2

maharamaharaMatch1.2.0beta3

maharamaharaMatch1.2.0beta4

maharamaharaMatch1.2.0rc1

maharamaharaMatch1.2.1

maharamaharaMatch1.2.2

maharamaharaMatch1.2.3

maharamaharaMatch1.2.4

maharamaharaMatch1.2.5

maharamaharaMatch1.2.6

maharamaharaMatch1.3.0

maharamaharaMatch1.3.0beta1

maharamaharaMatch1.3.0beta2

maharamaharaMatch1.3.0beta3

maharamaharaMatch1.3.0beta4

maharamaharaMatch1.3.0rc1

maharamaharaMatch1.3.1

maharamaharaMatch1.3.2

maharamaharaMatch1.3.3

maharamaharaMatch1.3.4

maharamaharaMatch1.3.5

maharamaharaMatch1.3.6

maharamaharaMatch1.3.7

maharamaharaMatch1.4rc1

maharamaharaMatch1.4rc2

maharamaharaMatch1.4rc3

maharamaharaMatch1.4rc4

CPENameOperatorVersion
mahara:maharamaharale1.4.0
mahara:maharamaharaeq0.9.0
mahara:maharamaharaeq0.9.1
mahara:maharamaharaeq0.9.2
mahara:maharamaharaeq1.0.0
mahara:maharamaharaeq1.0.1
mahara:maharamaharaeq1.0.2
mahara:maharamaharaeq1.0.3
mahara:maharamaharaeq1.0.4
mahara:maharamaharaeq1.0.5

CPE	Name	Operator	Version
mahara:mahara	mahara	le	1.4.0
mahara:mahara	mahara	eq	0.9.0
mahara:mahara	mahara	eq	0.9.1
mahara:mahara	mahara	eq	0.9.2
mahara:mahara	mahara	eq	1.0.0
mahara:mahara	mahara	eq	1.0.1
mahara:mahara	mahara	eq	1.0.2
mahara:mahara	mahara	eq	1.0.3
mahara:mahara	mahara	eq	1.0.4
mahara:mahara	mahara	eq	1.0.5

Rows per page:

1-10 of 471

References

mahara.org/interaction/forum/topic.php?id=4138

openwall.com/lists/oss-security/2011/11/04/10

openwall.com/lists/oss-security/2011/11/04/7

secunia.com/advisories/46719

security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz

www.debian.org/security/2011/dsa-2334

bugs.launchpad.net/mahara/+bug/884223

launchpad.net/mahara/+milestone/1.4.1

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for CVE-2011-4118

prion1 nvd1 cvelist1 ubuntucve1 openvas1