Main Vulnerability Database Vulnerabilities #VU43852

Configuration in Moodle - CVE-2012-0797

Published: July 17, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43852

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2012-0797

CWE-ID: CWE-16

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

How to mitigate CVE-2012-0797

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
http://moodle.org/mod/forum/discuss.php?d=194016
https://bugzilla.redhat.com/show_bug.cgi?id=783532

Configuration in Moodle - CVE-2012-0797

Detailed vulnerability description

How to mitigate CVE-2012-0797

Sources

Please verify you're human