Security Advisory

CVE-2011-4301

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2012-07-11 10:00:00
Last updated 2024-08-07 00:01:51
Assigner redhat
State PUBLISHED

Description

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.