Description

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.

Remediation

References

CVE-2009-4301

Related Vulnerabilities

Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51489)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.1)

concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082)

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Unspecified Vulnerability (1.12.22)

Severity

Medium

Classification

CVE-2009-4301 CWE-264

Tags

Missing Update Known Vulnerabilities