CVE-2009-4301 Information
Description
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 when MNET services are enabled does not properly check permissions which allows remote authenticated servers to execute arbitrary MNET functions.
Reference
http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11 http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8 http://docs.moodle.org/en/Moodle_1.8.11_release_notes http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://moodle.org/mod/forum/discuss.php?d=139106 http://secunia.com/advisories/37614 http://www.securityfocus.com/bid/37244 http://www.vupen.com/english/advisories/2009/3455 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
Share on: