Main Vulnerability Database Vulnerabilities #VU44438

Code Injection in Moodle - CVE-2011-4203

Published: December 22, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44438

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4203

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.

How to mitigate CVE-2011-4203

Install update from vendor's website.

Sources

http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/
http://tracker.moodle.org/browse/MDL-24808

Code Injection in Moodle - CVE-2011-4203

Detailed vulnerability description

How to mitigate CVE-2011-4203

Sources

Please verify you're human