Description

lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.

Remediation

References

CVE-2011-4303

Related Vulnerabilities

WordPress Plugin WP Pipes Unspecified Vulnerability (1.28)

Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0046)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9933)

Oracle Database Server CVE-2006-0266 Vulnerability (CVE-2006-0266)

WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3)

Severity

Medium

Classification

CVE-2011-4303

Tags

Missing Update Known Vulnerabilities