Moodle Prior To 1.9.11/2.0.2 Multiple Vulnerabilities Network Vulnerability

Summary

Moodle is prone to multiple vulnerabilities, including: 1. Multiple cross-site scripting issues 2. Multiple information-disclosure issues 3. An HTML-injection issue 4. An insecure permissions issue Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, perform unauthorized actions, and compromise the application. Other attacks may also be possible. These issues affect versions prior to Moodle 1.9.11 and 2.0.2.

Solution

Updates are available. Please see the references for more information.

References

http://moodle.org/mod/forum/discuss.php?d=170002
http://moodle.org/mod/forum/discuss.php?d=170003
http://moodle.org/mod/forum/discuss.php?d=170004
http://moodle.org/mod/forum/discuss.php?d=170006
http://moodle.org/mod/forum/discuss.php?d=170008
http://moodle.org/mod/forum/discuss.php?d=170009
http://moodle.org/mod/forum/discuss.php?d=170010
http://moodle.org/mod/forum/discuss.php?d=170011
http://www.moodle.org
https://www.securityfocus.com/bid/46646

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tiles Multiple XSS Vulnerability
Apple Safari Multiple Vulnerabilities
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
/cgi-bin directory browsable ?
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

Moodle Prior to 1.9.11/2.0.2 Multiple Vulnerabilities

Take action and discover your vulnerabilities