CVE-2012-6102
Moodle 2.3.x < 2.3.4 and 2.4.x < 2.4.1 - Unauthenticated Submission Comments Access via Crafted URI
Title source: llmDescription
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
References (3)
Core 3
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/01/21/1
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=220163
Scores
EPSS
0.0027
EPSS Percentile
50.8%
Details
CWE
CWE-264
Status
published
Products (5)
moodle/moodle
2.3.0
moodle/moodle
2.3.1
moodle/moodle
2.3.2
moodle/moodle
2.3.3
moodle/moodle
2.4.0
Published
Jan 27, 2013
Tracked Since
Feb 18, 2026