Release date:
Updated on:
Affected Systems:
Moodle 2.x
Moodle 1.9.x
Unaffected Systems:
Moodle 2.2.3
Moodle 2.1.6
Moodle 2.0.9
Moodle 1.9.18
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 53626
CVE ID: CVE-2012-2367
Moodle is a course management system (CMS), also known as a learning management system (LMS) or virtual learning environment (VLE). It is a free web application that teachers can use to build efficient online learning websites.
Moodle contains a security restriction bypass vulnerability. Attackers can exploit this vulnerability to bypass security restrictions and perform unauthorized operations: they can access the new calendar item page and create calendar items.
<* Source: Martin Huntley
Link: http://moodle.org/mod/forum/discuss.php?d=203057
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Moodle
------
Moodle has released a security bulletin (MSA-12-0038) and patches for this issue:
MSA-12-0038: Calendar event write permission issue
Link: http://moodle.org/mod/forum/discuss.php?d=203057