Description

lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.

Remediation

References

CVE-2011-4303

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-4197)

Joomla! Core 3.x.x Multiple Vulnerabilities (3.4.4 - 3.6.3)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.33)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9838)

GlassFish CVE-2013-1508 Vulnerability (CVE-2013-1508)

Severity

Medium

Classification

CVE-2011-4303

Tags

Missing Update Known Vulnerabilities