Description

comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

Remediation

References

CVE-2011-4297

Related Vulnerabilities

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0971)

WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35132)

Internet Information Services Other Vulnerability (CVE-2001-0333)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0009)

Severity

Medium

Classification

CVE-2011-4297 CWE-264

Tags

Missing Update Known Vulnerabilities