1. CVE-Search
  2. CVE-2011-4301
ID CVE-2011-4301
Summary The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
References
Vulnerable Configurations
  • cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-02-2023 - 04:32)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
confirm
Last major update 13-02-2023 - 04:32
Published 11-07-2012 - 10:26
Last modified 13-02-2023 - 04:32
Back to Top