Summary
Moodle is prone to multiple vulnerabilities, including:
- multiple cross-site scripting issues
- a security-bypass issue
- an information-disclosure issue
- multiple SQL-injection issues
- an HTML-injection issue
- a session-fixation issue
Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
These issues affect versions prior to Moodle 1.9.8 and 1.8.12.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N