Moodle 2.3.x < 2.3.9 / 2.4.x < 2.4.6 / 2.5.x < 2.5.2 Multiple Vulnerabilities

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6 or 2.5.x prior to 2.5.2 are exposed to the following vulnerabilities :

• One of Moodle’s dependencies, the PHP cURL Library (libcurl), contains a flaw related to domain name validation during certificate validation. The issue is due to the server hostname not being verified to match a domain name in the Subject’s Common Name (CN) or SubjectAltName field of the X.509 certificate. This may allow a man-in-the-middle attacker to spoof SSL servers via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream. (CVE-2012-6087)
• A flaw exists that may allow an attacker to carry out an SQL injection attack. The issue is triggered when handling NULL bytes from a query string. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2013-4313)
• A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via links upon submission to the ‘blog/external_blog_edit.php’ script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server. (CVE-2013-4341)
• A flaw exists that is due to unserialized input in the ‘badges/external.php’ script. This may allow a remote attacker to inject objects leading to the deletion of arbitrary files via ‘csv_export_writer::__destruct()’ method in ‘lib/csvlib.class.php’ or conduct cross-site scripting (XSS) attacks via the ‘core_badges_renderer::render_external_badge()’ method in ‘badges/renderer.php’. (CVE-2013-5674)