Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Remediation

References

CVE-2011-4301

Related Vulnerabilities

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Scripting (3.2.6)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16781)

easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27739)

Internet Information Services Other Vulnerability (CVE-1999-1148)

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Multiple Vulnerabilities (3.3.0)

Severity

Medium

Classification

CVE-2011-4301

Tags

Missing Update Known Vulnerabilities