WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Authentication Vulnerability (CVE-2011-4590)

Description

The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.

Remediation

References

Related Vulnerabilities

JBoss Application Server Improper Privilege Management Vulnerability (CVE-2012-2312)

Django Improper Input Validation Vulnerability (CVE-2019-3498)

MySQL CVE-2018-2767 Vulnerability (CVE-2018-2767)

Oracle JRE CVE-2012-5076 Vulnerability (CVE-2012-5076)

WordPress Plugin Stockdio Historical Chart Cross-Site Scripting (2.7.2)

Severity

Medium

Classification

CVE-2011-4590 CWE-287

Tags

Missing Update Known Vulnerabilities