Description
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPS Hide Login Security Bypass (1.9)
WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)
WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.4.37.727)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4)
WordPress Plugin Page Builder:PageLayer-Drag and Drop website builder Cross-Site Scripting (1.3.4)