Description

The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request.

Remediation

References

CVE-2013-2083

Related Vulnerabilities

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)

Drupal Core 9.2.x Multiple Security Bypass Vulnerabilities (9.2.0 - 9.2.5)

Envoy Proxy Use After Free Vulnerability (CVE-2021-43826)

Oracle JRE CVE-2013-5810 Vulnerability (CVE-2013-5810)

Internet Information Services Other Vulnerability (CVE-2000-0025)

Severity

Medium

Classification

CVE-2013-2083 CWE-20

Tags

Missing Update Known Vulnerabilities