CVE-2011-4298

Published: Jul 11, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.

Affected (7)

Products: Moodle: Moodle

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 2.0.0
Moodle Moodle	Version 2.0.1
Moodle Moodle	Version 2.0.2
Moodle Moodle	Version 2.0.3
Moodle Moodle	Version 2.0.4
Moodle Moodle	Version 2.1.0
Moodle Moodle	Version 2.1.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=48346fb11f8ced06a05c0618b02a3a925b34ec59

Source: secalert@redhat.com

http://moodle.org/mod/forum/discuss.php?d=188309

Source: secalert@redhat.com

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=747444

Source: secalert@redhat.com

Patch

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=48346fb11f8ced06a05c0618b02a3a925b34ec59

Source: af854a3a-2127-422b-91ae-364da2661108

http://moodle.org/mod/forum/discuss.php?d=188309

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=747444

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.