CVE-2011-4203
Moodle < 1.9.15 - CRLF Injection via Calendar URL Parameter
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
References (2)
Various Sources (x_refsource_misc): http://tracker.moodle.org/browse/MDL-24808
Exploit (x_refsource_misc): http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/
Scores
EPSS: 0.0048
EPSS Percentile: 65.4%
Details
CWE: CWE-94
Status: published
Products (25)
moodle/moodle 1.9.1
moodle/moodle 1.9.2
moodle/moodle 1.9.3
moodle/moodle 1.9.4
moodle/moodle 1.9.5
moodle/moodle 1.9.6
moodle/moodle 1.9.7
moodle/moodle 1.9.8
moodle/moodle 1.9.9
moodle/moodle 1.9.10
... and 15 more
Published: Dec 22, 2011
Tracked Since: Feb 18, 2026