Description

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.

Remediation

References

CVE-2009-4301

Related Vulnerabilities

Ruby Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2011-1004)

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.3.11)

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

MySQL CVE-2019-2740 Vulnerability (CVE-2019-2740)

WordPress Plugin WooCommerce Cross-Site Scripting (2.0.12)

Severity

Medium

Classification

CVE-2009-4301 CWE-264

Tags

Missing Update Known Vulnerabilities