CVE-2018-1081
Summary
| CVE | CVE-2018-1081 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-04 21:29:00 UTC |
| Updated | 2020-08-28 15:06:00 UTC |
| Description | A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Moodle CVE-2018-1081 Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Official Moodle git projects - moodle.git/search | CONFIRM | git.moodle.org | Patch, Vendor Advisory |
| Moodle.org: MSA-18-0005: Unauthenticated users can trigger custom messages to admin via paypal enrol script | CONFIRM | moodle.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 690625 Free Berkeley Software Distribution (FreeBSD) Security Update for moodle (cdb4d962-34f9-11e8-92db-080027907385)