Description
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=188313
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=747444
Scores
EPSS
0.0027
EPSS Percentile
50.8%
Details
Status
published
Products (20)
moodle/moodle
1.9.2
moodle/moodle
1.9.3
moodle/moodle
1.9.4
moodle/moodle
1.9.5
moodle/moodle
1.9.6
moodle/moodle
1.9.7
moodle/moodle
1.9.8
moodle/moodle
1.9.9
moodle/moodle
1.9.10
moodle/moodle
1.9.11
... and 10 more
Published
Jul 11, 2012
Tracked Since
Feb 18, 2026