CVE-2018-1081

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1081

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1081.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1081

Aliases

GHSA-v9xq-vh72-chr4

Downstream

UBUNTU-CVE-2018-1081

Published

2018-04-04T21:29:00.213Z

Modified

2026-04-11T17:15:01.088037Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Last affected

0bd0ee444a07818fc495c95697ea1ec1a6abeefb

Introduced

268abfacc54c4cbf9722c1502569b311c7caefff

Last affected

f41a17331714b7dd95425ad979bffa1cc74c002a

Introduced

b182239f21c38ea57cddb41b0c03ef3eb02709f8

Last affected

36c7af0e7e1e62918da262668114a8b759f39768

Introduced

b87a580aa3eb23d5f05d7f619fc40a89e0f86fe5

Last affected

330fa046d56a31f6d69fd35d53476afaead55535

Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Last affected

c9236c6860d763916d8c7a0f8c5c63f37a0e3a0f

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.10"
        },
        {
            "introduced": "3.1"
        },
        {
            "last_affected": "3.1.10"
        },
        {
            "introduced": "3.2"
        },
        {
            "last_affected": "3.2.7"
        },
        {
            "introduced": "3.3"
        },
        {
            "last_affected": "3.3.4"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "last_affected": "3.4.1"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.1

v2.1.0

v2.2.0

v2.2.0-beta

v2.2.0-rc1

v2.3.0

v2.3.0-beta

v2.3.0-rc1

v2.4.0

v2.4.0-beta

v2.4.0-rc1

v2.5.0

v2.5.0-beta

v2.5.0-rc1

v2.6.0

v2.6.0-beta

v2.6.0-rc1

v2.7.0

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.8.0

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v3.*

v3.0.0

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.0.1

v3.0.10

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1.0

v3.1.1

v3.1.10

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.4.0

v3.4.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1081.json"