Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Remediation

References

CVE-2011-4301

Related Vulnerabilities

MySQL CVE-2022-21287 Vulnerability (CVE-2022-21287)

PHP Other Vulnerability (CVE-2006-4020)

WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1)

Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)

WordPress Plugin All-in-One WP Migration Security Bypass (7.14)

Severity

Medium

Classification

CVE-2011-4301

Tags

Missing Update Known Vulnerabilities