Description

The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.

Remediation

References

CVE-2011-4590

Related Vulnerabilities

WordPress Plugin ARPrice-Responsive Pricing Table Cross-Site Scripting (2.2)

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.9.9.2.8)

ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6644)

ownCloud CVE-2017-9339 Vulnerability (CVE-2017-9339)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.29)

Severity

Medium

Classification

CVE-2011-4590 CWE-287

Tags

Missing Update Known Vulnerabilities