CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, 2.1.x prior to 2.1.3, and 2.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
moodle moodle 1.9.8 |
||
moodle moodle 1.9.9 |
||
moodle moodle 1.9.12 |
||
moodle moodle 1.9.13 |
||
moodle moodle 1.9.1 |
||
moodle moodle 1.9.4 |
||
moodle moodle 1.9.6 |
||
moodle moodle 2.0.0 |
||
moodle moodle 2.0.2 |
||
moodle moodle 2.2.0 |
||
moodle moodle 1.9.10 |
||
moodle moodle 1.9.11 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.9.3 |
||
moodle moodle 2.0.3 |
||
moodle moodle 2.0.4 |
||
moodle moodle 2.0.5 |
||
moodle moodle 2.1.0 |
||
moodle moodle 2.1.1 |
||
moodle moodle 1.9.5 |
||
moodle moodle 1.9.7 |
||
moodle moodle 1.9.14 |
||
moodle moodle 2.0.1 |
||
moodle moodle 2.1.2 |
Vulmon