Main Vulnerability Database Vulnerabilities #VU43861

#VU43861 Input validation error in Moodle - CVE-2011-4294

Published: July 16, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43861

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4294

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f9f666c902cb30ef6f519353f38c45a29fdf4a6
http://moodle.org/mod/forum/discuss.php?d=182737
http://openwall.com/lists/oss-security/2011/11/14/1

#VU43861 Input validation error in Moodle - CVE-2011-4294

Description

Remediation

External links

Please verify you're human