GHSA-jcrj-gmr6-p5j8

Suggest an improvement
Source
https://github.com/advisories/GHSA-jcrj-gmr6-p5j8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jcrj-gmr6-p5j8/GHSA-jcrj-gmr6-p5j8.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jcrj-gmr6-p5j8
Aliases
  • CVE-2011-4301
Published
2022-05-13T01:13:10Z
Modified
2024-01-17T16:11:52.919918Z
Summary
Moodle Allows Modification of Constants
Details

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Database specific
{
    "nvd_published_at": "2012-07-11T10:26:00Z",
    "cwe_ids": [
        "CWE-471"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-17T15:43:30Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.14

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0
Fixed
2.0.5

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1
Fixed
2.1.2