WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4589)

Description

backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.

Remediation

References

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20350)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-3546)

WordPress Plugin Mobile Device Detection by 51Degrees Cross-Site Scripting (3.1.5.2)

WordPress Plugin WP-Polls SQL Injection (2.71)

Internet Information Services Other Vulnerability (CVE-1999-1223)

Severity

Medium

Classification

CVE-2011-4589 CWE-264

Tags

Missing Update Known Vulnerabilities