Moodle 2.1.x < 2.1.9 / 2.2.x < 2.2.6 / 2.3.x < 2.3.3 Multiple Vulnerabilities

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.6, and 2.3.x prior to 2.3.3 are affected by multiple vulnerabilities :

• A flaw exists that is due to the program not properly terminating sessions when a user disconnects from Moodle. This may allow an attacker with physical access to the computer to more easily access a user’s dropbox repository. (CVE-2012-5471)
• A flaw exists that is triggered during the handling of a specially crafted value of a frozen form field. This may allow a remote authenticated attacker to bypass access restrictions. (CVE-2012-5472)
• A flaw exists that is due to the Database Activity module not properly restricting access to activity entries. This may allow a remote authenticated attacker to gain access to arbitrary users’ activity entries via an advanced search. (CVE-2012-5473)
• A flaw exists that allows a remote user to execute arbitrary code. This flaw exists because the Portfolio plugin does not properly verify or sanitize user-uploaded files. By uploading a specially crafted API Callback file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script with the privileges of the web server. (CVE-2012-5479)
• A flaw exists related to the Database activity module, which may allow a remote attacker to bypass intended access restrictions. With an advanced search the attacker may be able to read other participants’ entries. (CVE-2012-5480)
• A flaw exists that may lead to an unauthorized information disclosure. The issue may allow a remote authenticated attacker to bypass the ‘moodle/role:manage’ capability requirement, which will allow the attacker to read all capability data via the check permissions page. (CVE-2012-5481)