Main Vulnerability Database Vulnerabilities #VU43832

Input validation error in Moodle - CVE-2011-4582

Published: July 20, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43832

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2011-4582

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

How to mitigate CVE-2011-4582

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28720&sr=1
http://moodle.org/mod/forum/discuss.php?d=191748
https://bugzilla.redhat.com/show_bug.cgi?id=761248

Input validation error in Moodle - CVE-2011-4582

Detailed vulnerability description

How to mitigate CVE-2011-4582

Sources

Please verify you're human