PT-2021-3692 · Moodle+1
Babar Khan Akhunzada · Published 2021-07-13 · Updated 2025-03-07 · CVE-2021-36402
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 3.9.8
Moodle versions prior to 3.10.5
Moodle versions prior to 3.11.1
Description
The issue in Moodle is related to insufficient input validation, which may allow a remote attacker to obtain confidential information. Specifically, users' names required additional sanitizing in the account confirmation email to prevent a self-registration phishing risk.
Recommendations
For versions prior to 3.9.8, update to version 3.9.8 or later to resolve the issue.
For versions prior to 3.10.5, update to version 3.10.5 or later to resolve the issue.
For versions prior to 3.11.1, update to version 3.11.1 or later to resolve the issue.
As a temporary workaround, consider implementing additional sanitizing for users' names in the account confirmation email to prevent self-registration phishing risks.
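One way the temporary workaround could look, as an added example that is not Moodle's own code or its patch: the name fields are reduced to plain display text before being placed in the confirmation email. The function names are hypothetical, the mbstring extension and UTF-8 input are assumed, and the sample values are constructed.

```php
<?php
// Added illustration, not Moodle code: function names are hypothetical.
// Assumes the mbstring extension and UTF-8 input.

function sanitize_name_for_email(string $name, int $maxlen = 100): string {
    // Strip markup, decode entities, then strip again so encoded tags
    // (&lt;a href=...&gt;) cannot survive into an HTML mail body.
    $name = strip_tags($name);
    $name = html_entity_decode($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $name = strip_tags($name);
    // Reject invalid UTF-8 outright; the /u regexes below would fail on it.
    if (!mb_check_encoding($name, 'UTF-8')) {
        return '';
    }
    // Control characters, including CR/LF, become spaces.
    $name = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $name);
    // Remove URL-like tokens: scheme://..., www.host, and bare host.tld/path.
    // The bare-host rule is deliberately strict and also drops "St.John".
    $name = preg_replace('~\b(?:[a-z][a-z0-9+.-]*://|www\.)\S+~iu', '', $name);
    $name = preg_replace(
        '~\b[\p{L}\p{N}-]+(?:\.[\p{L}\p{N}-]+)*\.[a-z]{2,}(?:/\S*)?~iu', '', $name);
    // Drop characters that mail clients use to auto-link or render markup.
    $name = preg_replace('~[<>"`:/\\\\@]+~u', ' ', $name);
    // Collapse whitespace and cap the length of what reaches the mail body.
    $name = trim(preg_replace('/\s+/u', ' ', $name));
    return mb_substr($name, 0, $maxlen, 'UTF-8');
}

function confirmation_greeting(string $first, string $last): string {
    $full = trim(sanitize_name_for_email($first) . ' '
               . sanitize_name_for_email($last));
    // Fall back to a neutral greeting when nothing printable is left.
    return 'Hi ' . ($full !== '' ? $full : 'there') . ',';
}

// Constructed sample input: name fields carrying a link and markup.
$first = 'Alice <a href="https://portal.example.test/login">verify here</a>';
$last  = 'www.example.test/reset';
echo confirmation_greeting($first, $last), PHP_EOL;
```

Filtering of this kind removes links and markup but not the free text itself, so the length cap is what bounds any remaining message; updating to a fixed version remains the actual resolution.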
Fix
RCE
Affected Products
Alt Linux
Moodle