Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Remediation

References

CVE-2011-4301

Related Vulnerabilities

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Cross-Site Scripting (5.0.06)

TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11069)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.8)

WordPress Plugin Ultimate Appointment Booking & Scheduling Cross-Site Scripting (1.1.9)

MySQL CVE-2022-21362 Vulnerability (CVE-2022-21362)

Severity

Medium

Classification

CVE-2011-4301

Tags

Missing Update Known Vulnerabilities