Description

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.

Remediation

References

CVE-2009-4301

Related Vulnerabilities

MyBB Other Vulnerability (CVE-2007-1964)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)

WordPress Plugin Simple Matted Thumbnails Cross-Site Scripting (1.01)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Unspecified Vulnerability (2.4.9)

WordPress Plugin Advanced Custom Fields (ACF) Security Bypass (5.9.9)

Severity

Medium

Classification

CVE-2009-4301 CWE-264

Tags

Missing Update Known Vulnerabilities