Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6101

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2012-6101
Last Modified 28 Jan 2013 12:00:00
Published 27 Jan 2013 05:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6101

Summary

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.

Vulnerable Systems

Application

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.2.4

  • Moodle 2.2.5

  • Moodle 2.2.6

  • Moodle 2.3

  • Moodle 2.3.1

  • Moodle 2.3.2

  • Moodle 2.3.3

  • Moodle 2.4


References

CONFIRM - https://moodle.org/mod/forum/discuss.php?d=220162

MLIST - [oss-security] 20130121 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991


Last Updated: 27 May 2016 11:01:44