GHSA-jcrj-gmr6-p5j8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jcrj-gmr6-p5j8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jcrj-gmr6-p5j8/GHSA-jcrj-gmr6-p5j8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jcrj-gmr6-p5j8
- Aliases
-
- CVE-2011-4301
- Published
- 2022-05-13T01:13:10Z
- Modified
- 2024-01-17T16:41:40.017576Z
- Summary
- Moodle Allows Modification of Constants
- Details
-
The
MoodleQuickFormclass in the Forms Library inlib/formslib.phpin Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms APIsetConstantoperations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. - Database specific
{ "nvd_published_at": "2012-07-11T10:26:00Z", "cwe_ids": [ "CWE-471" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-17T15:43:30Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-4301
- https://github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c
- https://github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba
- https://github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8
- https://github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
- https://bugzilla.redhat.com/show_bug.cgi?id=747444
- https://github.com/moodle/moodle
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
- http://moodle.org/mod/forum/discuss.php?d=188313
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle