Vulnerability Description
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 1.9.2 |
References
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28f
- http://moodle.org/mod/forum/discuss.php?d=188313Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=747444
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28f
- http://moodle.org/mod/forum/discuss.php?d=188313Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=747444
FAQ
What is CVE-2011-4301?
CVE-2011-4301 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which ...
How severe is CVE-2011-4301?
CVE-2011-4301 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4301?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.