CVE-2013-2083

Name of the Vulnerable Software and Affected Versions Moodle versions prior to 2.1.11 Moodle versions 2.2.x prior to 2.2.10 Moodle versions 2.3.x prior to 2.3.7 Moodle versions 2.4.x prior to 2.4.4

Description The issue arises from the improper handling of a certain array-element syntax by the MoodleQuickForm class in lib/formslib.php. This allows remote attackers to bypass intended form-data filtering via a crafted request.

Recommendations For versions prior to 2.1.11, update to version 2.1.11 or later. For versions 2.2.x prior to 2.2.10, update to version 2.2.10 or later. For versions 2.3.x prior to 2.3.7, update to version 2.3.7 or later. For versions 2.4.x prior to 2.4.4, update to version 2.4.4 or later.