The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x prior to 1.9.14, 2.0.x prior to 2.0.5, and 2.1.x prior to 2.1.2 does not recognize Forms API setConstant operations, which allows remote malicious users to submit unexpected form content by modifying the values of constant fields.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.0.2 |
||
moodle moodle 1.9.4 |
||
moodle moodle 1.9.6 |
||
moodle moodle 1.9.9 |
||
moodle moodle 2.0.1 |
||
moodle moodle 1.9.11 |
||
moodle moodle 2.0.4 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.9.12 |
||
moodle moodle 1.9.10 |
||
moodle moodle 2.0.3 |
||
moodle moodle 2.1.1 |
||
moodle moodle 1.9.3 |
||
moodle moodle 1.9.13 |
||
moodle moodle 1.9.5 |
||
moodle moodle 1.9.8 |
||
moodle moodle 1.9.7 |
||
moodle moodle 2.0.0 |
||
moodle moodle 2.1.0 |