Moodle Prior To 1.9.8/1.8.12 Multiple Vulnerabilities Network Vulnerability

Summary

Moodle is prone to multiple vulnerabilities, including: - multiple cross-site scripting issues - a security-bypass issue - an information-disclosure issue - multiple SQL-injection issues - an HTML-injection issue - a session-fixation issue Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. These issues affect versions prior to Moodle 1.9.8 and 1.8.12.

Solution

Updates are available. Please see the references for more information.

References

http://docs.moodle.org/en/Moodle_1.9.8_release_notes
http://moodle.org/security/
http://www.moodle.org
http://www.securityfocus.com/bid/39150

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

net2ftp Multiple Cross-Site Scripting Vulnerabilities
phpWebSite 'page_id' Parameter Cross Site Scripting Vulnerability
OTRS Event Notification Information Disclosure Vulnerability
Apache Tomcat mod_jk Information Disclosure Vulnerability
OneOrZero AIMS 'index.php' Cross Site Scripting Vulnerability

Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities

Take action and discover your vulnerabilities