Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4297)

Description

comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

Remediation

References

CVE-2011-4297

Related Vulnerabilities

WordPress Plugin Easy2Map Cross-Site Scripting (1.5.5)

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.2)

XWiki CVE-2023-35166 Vulnerability (CVE-2023-35166)

WordPress Plugin Pike Firewall Information Disclosure (1.4)

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.8)

Severity

Medium

Classification

CVE-2011-4297 CWE-264