Moodle Multiple Security Bypass Vulnerabilities
BID:51450
Info
| Bugtraq ID: | 51450 |
| Class: | Unknown |
| CVE: | CVE-2012-0796 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2012 12:00AM |
| Updated: | May 07 2015 05:16PM |
| Credit: | Simon Coggins, Eloy Lafuente, Ibrahim Awad |
| Vulnerable: | Moodle Moodle 2.1.2; Moodle Moodle 2.1.1; Moodle Moodle 2.0.5; Moodle Moodle 2.0.4; Moodle Moodle 2.0.3; Moodle Moodle 2.0.2; Moodle Moodle 2.0.1; Moodle Moodle 2.2; Moodle Moodle 2.1.3; Moodle Moodle 2.1; Moodle Moodle 2.0.6; Moodle Moodle 2.0; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | Moodle Moodle 2.2.1; Moodle Moodle 2.1.4; Moodle Moodle 2.0.7 |
Discussion
Moodle is prone to multiple security-bypass vulnerabilities.
Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions.
Exploit / POC
An attacker can use a browser to exploit these issues.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Moodle Homepage (Moodle)
- MSA-12-0007: Email injection prevention (Michael de Raadt)
- MSA-12-0008: Unsynchronised access via tokens (Michael de Raadt)
- MSA-12-0009: Role access issue (Michael de Raadt)