6

CVE-2009-4301

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoodleMoodle Version1.8.1
MoodleMoodle Version1.8.2
MoodleMoodle Version1.8.3
MoodleMoodle Version1.8.4
MoodleMoodle Version1.8.5
MoodleMoodle Version1.8.7
MoodleMoodle Version1.8.8
MoodleMoodle Version1.8.9
MoodleMoodle Version1.8.10
MoodleMoodle Version1.9.1
MoodleMoodle Version1.9.2
MoodleMoodle Version1.9.3
MoodleMoodle Version1.9.4
MoodleMoodle Version1.9.5
MoodleMoodle Version1.9.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.38% 0.685
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://docs.moodle.org/en/Moodle_1.8.11_release_notes
Patch
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
Patch
http://secunia.com/advisories/37614
Vendor Advisory
http://www.securityfocus.com/bid/37244
Patch
http://www.vupen.com/english/advisories/2009/3455
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11
Patch
http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8
Patch
http://moodle.org/mod/forum/discuss.php?d=139106
Patch
Vendor Advisory