RETIRED: Moodle Multiple Remote Security Vulnerabilities
BID:58660
Info
| Bugtraq ID: | 58660 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 25 2013 12:00AM |
| Updated: | Apr 13 2015 08:44PM |
| Credit: | Ankit Agarwal, Helen Foster, Mark Nielsen, John Holmes, Frédéric Massart, Jérôme Mouneyrac, and Andrew Nicols |
| Vulnerable: | Moodle Moodle 2.2.3, Moodle Moodle 2.2.2, Moodle Moodle 2.2.1, Moodle Moodle 2.2 |
| Not Vulnerable: | |
Discussion
Moodle is prone to multiple security vulnerabilities, including:
1. Multiple security-bypass vulnerabilities
2. Multiple information-disclosure vulnerabilities
3. A cross-site scripting vulnerability
4. A data manipulation vulnerability
Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, execute arbitrary script code, or perform unauthorized data modifications. Other attacks are also possible.
Moodle versions prior to 2.4.2, 2.3.5, and 2.2.8 are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
60036 Moodle 'managesubscriptions.php' CVE-2013-1829 Security Bypass Vulnerability
60038 Moodle CVE-2013-1830 Information Disclosure Vulnerability
60031 Moodle CVE-2013-1831 Information Disclosure Vulnerability
60034 Moodle CVE-2013-1832 Password Information Disclosure Vulnerability
60042 Moodle CVE-2013-1833 HTML Injection Vulnerability
60041 Moodle CVE-2013-1834 Security Bypass Vulnerability
60047 Moodle CVE-2013-1835 Information Disclosure Vulnerability
60048 Moodle CVE-2013-1836 Security Bypass Vulnerability
Exploit / POC
An attacker can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.