CVE-2011-4301

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

Published: Jul 11, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4301
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.0.2	2.0.2.x
moodle / moodle	1.9.4	1.9.4.x
moodle / moodle	1.9.6	1.9.6.x
moodle / moodle	1.9.9	1.9.9.x
moodle / moodle	2.0.1	2.0.1.x
moodle / moodle	1.9.11	1.9.11.x
moodle / moodle	2.0.4	2.0.4.x
moodle / moodle	1.9.2	1.9.2.x
moodle / moodle	1.9.12	1.9.12.x
moodle / moodle	1.9.10	1.9.10.x
moodle / moodle	2.0.3	2.0.3.x
moodle / moodle	2.1.1	2.1.1.x
moodle / moodle	1.9.3	1.9.3.x
moodle / moodle	1.9.13	1.9.13.x
moodle / moodle	1.9.5	1.9.5.x
moodle / moodle	1.9.8	1.9.8.x
moodle / moodle	1.9.7	1.9.7.x
moodle / moodle	2.0.0	2.0.0.x
moodle / moodle	2.1.0	2.1.0.x

Vulnerability Database

290,020

CVE-2011-4301