Описание
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.9.9.dfsg2-4 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | not-affected | 1.9.9.dfsg2-4 |
| quantal | not-affected | 1.9.9.dfsg2-4 |
| raring | not-affected | 1.9.9.dfsg2-4 |
| saucy | not-affected | 1.9.9.dfsg2-4 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
The MoodleQuickForm class in the Forms Library in lib/formslib.php in ...
EPSS
5 Medium
CVSS2