Description

comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

Remediation

References

CVE-2011-4297

Related Vulnerabilities

Python Other Vulnerability (CVE-2012-2135)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5264)

Internet Information Services Other Vulnerability (CVE-2000-1147)

MongoDb Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-7926)

WordPress Plugin Share and Follow 'admin.php' Cross-Site Scripting (1.80.3)

Severity

Medium

Classification

CVE-2011-4297 CWE-264

Tags

Missing Update Known Vulnerabilities