Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Remediation

References

CVE-2011-4301

Related Vulnerabilities

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-4785)

PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)

Oracle Database Server CVE-2015-4923 Vulnerability (CVE-2015-4923)

WordPress Plugin Import Export WordPress Users Security Bypass (1.3.8)

Severity

Medium

Classification

CVE-2011-4301

Tags

Missing Update Known Vulnerabilities