Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle CVE-2011-4301 Vulnerability (CVE-2011-4301)

Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Remediation

References

Related Vulnerabilities

WordPress Plugin WooCommerce Cross-Seller Unspecified Vulnerability (1.0.2)

WordPress Plugin CheetahO Image Compression and Optimizer Unspecified Vulnerability (1.4.2.1)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11023)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2817)

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) SQL Injection (1.5.107)

Severity

Medium

Classification

CVE-2011-4301

Tags

Missing Update Known Vulnerabilities