CVE-2009-4301
CVE-2009-4301
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8http://docs.moodle.org/en/Moodle_1.8.11_release_noteshttp://docs.moodle.org/en/Moodle_1.9.7_release_noteshttp://moodle.org/mod/forum/discuss.php?d=139106http://secunia.com/advisories/37614https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.htmlhttp://www.securityfocus.com/bid/37244http://www.vupen.com/english/advisories/2009/3455