Several vulnerabilities have been discovered in Moodle, an online
course management system. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-4297
Multiple cross-site request forgery (CSRF) vulnerabilities have been
discovered.
CVE-2009-4298
It has been discovered that the LAMS module is prone to the disclosure
of user account information.
CVE-2009-4299
The Glossary module has an insufficient access control mechanism.
CVE-2009-4301
Moodle does not properly check permissions when the MNET service is
enabled, which allows remote authenticated servers to execute arbitrary
MNET functions.
CVE-2009-4302
The login/index_form.html page links to an HTTP page instead of using an
SSL-secured connection.
CVE-2009-4303
Moodle stores sensitive data in backup files, which might make it
possible for attackers to obtain them.
CVE-2009-4305
It has been disco...