Info

Disclosure

May 22, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 21, 2012

Description

Moodle contains a flaw that is triggered by an error when handling access permissions, which may allow an attacker to bypass read-only mode and manipulate arbitrary activity entries.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 1.9.18, 2.0.9, 2.1.6, or 2.2.3 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Moodle Trust	Moodle	2.2.0
		2.2
		2.2.0-rc1
		2.2.0 beta
		2.2.1
		2.1.0
		2.1.1
		2.1.2
		2.1.3
		2.1.4
		2.1.5
		2.0.4
		2.0.3
		2.0.1
		2.0.7
		2.0.6
		2.0.5
		2.0.0-rc1
		2.0.0-rc2
		2.0.0
		2.0.2
		2.0.8

References

CVE ID: 2012-2358 (see also: NVD)
Secunia Advisory ID: 49233
Related OSVDB ID: 82060 82061 82062 82063 82064 82066 82067 82068 82069 82070 82071 82072 82073 82074
Vendor Specific Solution URL: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31811
Vendor Specific Advisory URL: http://moodle.org/mod/forum/discuss.php?d=203046
Other Advisory URL: http://openwall.com/lists/oss-security/2012/05/23/2

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/82065

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Moodle Trust

Moodle

References

Credit