Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2011-4301

Date: July 11, 2012

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Language: PHP

Severity Score

Related Resources (11)

https://github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c
http://moodle.org/mod/forum/discuss.php?d=188313
https://github.com/moodle/moodle
https://nvd.nist.gov/vuln/detail/CVE-2011-4301
http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
https://github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba
https://bugzilla.redhat.com/show_bug.cgi?id=747444
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
https://github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
https://github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8
https://www.mend.io/vulnerability-database/CVE-2011-4301

Severity Score

Weakness Type (CWE)

Modification of Assumed-Immutable Data (MAID)

CWE-471

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us