Main Vulnerability Database Vulnerabilities #VU43874

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4287

Published: July 16, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43874

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4287

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

How to mitigate CVE-2011-4287

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da
http://moodle.org/mod/forum/discuss.php?d=175588
http://openwall.com/lists/oss-security/2011/11/14/1

Permissions, Privileges, and Access Controls in Moodle - CVE-2011-4287

Detailed vulnerability description

How to mitigate CVE-2011-4287

Sources

Please verify you're human