CVE Vulnerabilities

CVE-2018-1081

Published: Apr 04, 2018 | Modified: Aug 28, 2020
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle * 3.0.10 (including)
Moodle Moodle 3.1 (including) 3.1.10 (including)
Moodle Moodle 3.2 (including) 3.2.7 (including)
Moodle Moodle 3.3 (including) 3.3.4 (including)
Moodle Moodle 3.4.0 (including) 3.4.1 (including)
Moodle Ubuntu artful *
Moodle Ubuntu bionic *
Moodle Ubuntu cosmic *
Moodle Ubuntu disco *
Moodle Ubuntu eoan *
Moodle Ubuntu trusty *
Moodle Ubuntu xenial *

References