GitHub Advisory DatabaseGHSA-JCRJ-GMR6-P5J8Moodle Allows Modification of Constants
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.2 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.1%
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 2.1.2 | |
| moodle/moodle | lt | 2.0.5 | |
| moodle/moodle | lt | 1.9.14 |
References
git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
moodle.org/mod/forum/discuss.php?d=188313
bugzilla.redhat.com/show_bug.cgi?id=747444
github.com/advisories/GHSA-jcrj-gmr6-p5j8
github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c
github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba
github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8
github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
nvd.nist.gov/vuln/detail/CVE-2011-4301
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.2 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.1%