CVE-2011-4294: Improper Input Validation
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.
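The check the description says was missing can be sketched as follows. This is an added example, not Moodle's code or its fix; `safe_continue_link()`, the site root and the sample links are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Moodle's code. safe_continue_link() and the sample
// site root below are hypothetical, constructed for illustration.
function safe_continue_link(string $link, string $wwwroot): string {
    $link = trim($link);
    // Backslashes, spaces and control characters are parsed differently by
    // browsers and by parse_url(), so refuse them outright.
    if ($link === '' || preg_match('/[\\\\\x00-\x20]/', $link)) {
        return $wwwroot;
    }
    $root = parse_url($wwwroot);
    $target = parse_url($link);
    if ($root === false || $target === false) {
        return $wwwroot;
    }
    // Explicit http/https only: rejects javascript:, data: and
    // protocol-relative links such as //other.example/.
    $scheme = strtolower($target['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $wwwroot;
    }
    // No embedded credentials (http://moodle.example.org@other.example/).
    if (isset($target['user']) || isset($target['pass'])) {
        return $wwwroot;
    }
    // Compare the parsed host and port, never a string prefix of the URL.
    $samehost = strtolower($target['host'] ?? '') === strtolower($root['host'] ?? '')
        && ($target['port'] ?? null) === ($root['port'] ?? null);
    // The path must be the site root or sit below it, and contain no '..'.
    $rootpath = rtrim($root['path'] ?? '', '/') . '/';
    $path = $target['path'] ?? '';
    $underroot = strpos($path . '/', $rootpath) === 0 && strpos($path, '..') === false;
    return ($samehost && $underroot) ? $link : $wwwroot;
}

// Constructed inputs; only the first is returned unchanged.
$wwwroot = 'http://moodle.example.org/moodle';
$samples = [
    'http://moodle.example.org/moodle/course/view.php?id=2',
    'http://moodle.example.org.other.example/moodle/',
    'http://moodle.example.org@other.example/moodle/',
    '//other.example/moodle/',
    'javascript:void(0)',
];
foreach ($samples as $s) {
    echo $s, ' => ', safe_continue_link($s, $wwwroot), PHP_EOL;
}
```

Any link that fails a check falls back to the site root, so the continuation link on an error page always stays on the local instance.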
References
- git.moodle.org/gw?p=moodle.git;a=commit;h=8f9f666c902cb30ef6f519353f38c45a29fdf4a6
- moodle.org/mod/forum/discuss.php?d=182737
- openwall.com/lists/oss-security/2011/11/14/1
- github.com/advisories/GHSA-hxmp-8f47-x9fc
- github.com/moodle/moodle/commit/18c2fcf8f19e00f0e89421d8fd8b7486a6dc6f79
- github.com/moodle/moodle/commit/417fdfab6bbdcfc3f5b64704ec06912ae9cd1050
- github.com/moodle/moodle/commit/8f9f666c902cb30ef6f519353f38c45a29fdf4a6
- nvd.nist.gov/vuln/detail/CVE-2011-4294