Description
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
Remediation
References
Related Vulnerabilities
CubeCart Improper Input Validation Vulnerability (CVE-2013-1465)
WordPress Plugin WPJobBoard SQL Injection (5.6.4)
WordPress Plugin WP Post to PDF Cross-Site Scripting (2.3.1)
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)
Oracle Database Server CVE-2011-0793 Vulnerability (CVE-2011-0793)