Main Vulnerability Database Vulnerabilities #VU43817

Input validation error in Moodle - CVE-2012-2366

Published: July 21, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43817

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2012-2366

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to manipulate or delete data.

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

How to mitigate CVE-2012-2366

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31763
http://openwall.com/lists/oss-security/2012/05/23/2

Input validation error in Moodle - CVE-2012-2366

Detailed vulnerability description

How to mitigate CVE-2012-2366

Sources

Please verify you're human