PT-2012-1921 · Moodle · Moodle
Published
2012-07-20
·
Updated
2020-12-01
·
CVE-2011-4589
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.0.x through 2.0.5
Moodle versions 2.1.x through 2.1.2
Description
The issue concerns the handling of course ID numbers during a restore action. It allows remote authenticated users to overwrite ID numbers due to a lack of privilege checking for the
moodle/course:changeidnumber privilege in the backup/moodle2/restore stepslib.php file.Recommendations
For Moodle versions 2.0.x through 2.0.5, update to version 2.0.6 or later.
For Moodle versions 2.1.x through 2.1.2, update to version 2.1.3 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle