Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Remediation

References

CVE-2011-4301

Related Vulnerabilities

WordPress Plugin Double Opt-In for Download Multiple Cross-Site Scripting Vulnerabilities (2.1.5)

MySQL Other Vulnerability (CVE-2005-0799)

Oracle JRE CVE-2020-2601 Vulnerability (CVE-2020-2601)

WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)

Ruby Improper Input Validation Vulnerability (CVE-2011-2705)

Severity

Medium

Classification

CVE-2011-4301

Tags

Missing Update Known Vulnerabilities