← back
CVE-2009-4298

CVE-2009-4298

EPSS 1.6%
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://docs.moodle.org/en/Moodle_1.8.11_release_noteshttp://docs.moodle.org/en/Moodle_1.9.7_release_noteshttp://moodle.org/mod/forum/discuss.php?d=139102http://secunia.com/advisories/37614https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.htmlhttp://www.securityfocus.com/bid/37244http://www.vupen.com/english/advisories/2009/3455