QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4301

Published: Jul 11, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://moodle.org/mod/forum/discuss.php?d=188313

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=747444

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.