Description

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

Remediation

References

CVE-2011-4302

Related Vulnerabilities

qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3881)

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10324)

MySQL CVE-2020-14799 Vulnerability (CVE-2020-14799)

WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31779)

Severity

Medium

Classification

CVE-2011-4302 CWE-20

Tags

Missing Update Known Vulnerabilities