Summary
This host is running Moodle CMS and is prone to Multiple Vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause Cross Site Scripting attacks, can gain sensitive information about the user or the remote host or can delete unauthorised posts through injecting malicious web scripts.
Impact level: System/Application
Solution
Upgrade to latest version 1.6.9, 1.7.7, 1.8.8 and 1.9.4 http://moodle.org/downloads
Insight
Multiple flaws are due to
- Vulnerability in post.php for IMG tag which allows unauthorised access to user's posts.
- XSS Vulnerability in course/lib.php which allows injection of arbitrary web scripts or malicious HTML codes while displaying the log report in browser due to lack of sanitization.
- Unspecified vulnerability in the Calendar export feature which causes conducting brute force attacks.
- XSS Vulnerability in blocks/html/block_html.php which allows injection of arbitracy scripts of malformed HTML codes injection.
Affected
Moodle version from 1.6 prior to 1.6.9,
Moodle version from 1.7 prior to 1.7.7,
Moodle version from 1.8 prior to 1.8.8 and
Moodle version from 1.9 prior to 1.9.4 on all platforms.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apache Archiva Home Page Cross-Site Scripting vulnerability
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
- Apache Tomcat DOS Device Name XSS