CVE-2011-4294

EPSS 0.4%
Published 16.07.2012 10:28:37
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Moodle ≫ Moodle Version1.9.1

Moodle ≫ Moodle Version1.9.2

Moodle ≫ Moodle Version1.9.3

Moodle ≫ Moodle Version1.9.4

Moodle ≫ Moodle Version1.9.5

Moodle ≫ Moodle Version1.9.6

Moodle ≫ Moodle Version1.9.7

Moodle ≫ Moodle Version1.9.8

Moodle ≫ Moodle Version1.9.9

Moodle ≫ Moodle Version1.9.10

Moodle ≫ Moodle Version1.9.11

Moodle ≫ Moodle Version1.9.12

Moodle ≫ Moodle Version2.0.0

Moodle ≫ Moodle Version2.0.1

Moodle ≫ Moodle Version2.0.2

Moodle ≫ Moodle Version2.0.3

Moodle ≫ Moodle Version2.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.4%	0.574

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:N/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://openwall.com/lists/oss-security/2011/11/14/1

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f9f666c902cb30ef6f519353f38c45a29fdf4a6

http://moodle.org/mod/forum/discuss.php?d=182737

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2011-4294

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4294

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4294

EUVD