CVE-2018-1081
Description
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to the admin after the request origin has been verified; otherwise the admin's email can be spammed.
CWE
- CWE-79
Affected
- Red Hat, Inc. / Moodle — v=3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions [affected]
CVSS
- (none)
References
- https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392 x_refsource_CONFIRM
- https://moodle.org/mod/forum/discuss.php?d=367938 x_refsource_CONFIRM
- http://www.securityfocus.com/bid/103728 vdb-entry, x_refsource_BID
Source
cvelistV5-main/cves/2018/1xxx/CVE-2018-1081.json