CVE-2018-1081

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1081

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1081.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1081

Aliases

GHSA-v9xq-vh72-chr4

Related

UBUNTU-CVE-2018-1081

Published

2018-04-04T21:29:00Z

Modified

2024-09-03T02:04:16.696637Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

b87a580aa3eb23d5f05d7f619fc40a89e0f86fe5

Last affected

330fa046d56a31f6d69fd35d53476afaead55535

Introduced

b182239f21c38ea57cddb41b0c03ef3eb02709f8

Last affected

36c7af0e7e1e62918da262668114a8b759f39768

Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Last affected

c9236c6860d763916d8c7a0f8c5c63f37a0e3a0f

Affected versions

v3.*

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.4.1