CVE-2011-4589

2012-07-2010:40:36

CWE-264

redhat

web.nvd.nist.gov

cve-2011-4589

moodle

backup

restore_stepslib.php

information security

vulnerability

nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

64.4%

JSON

backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.

Affected configurations

Nvd

Node

moodlemoodleMatch2.0.0

moodlemoodleMatch2.0.1

moodlemoodleMatch2.0.2

moodlemoodleMatch2.0.3

moodlemoodleMatch2.0.4

moodlemoodleMatch2.0.5

Node

moodlemoodleMatch2.1.0

moodlemoodleMatch2.1.1

moodlemoodleMatch2.1.2

VendorProductVersionCPE
moodlemoodle2.0.3cpe:/a:moodle:moodle:2.0.3:::
moodlemoodle2.0.2cpe:/a:moodle:moodle:2.0.2:::
moodlemoodle2.0.5cpe:/a:moodle:moodle:2.0.5:::
moodlemoodle2.0.0cpe:/a:moodle:moodle:2.0.0:::
moodlemoodle2.0.1cpe:/a:moodle:moodle:2.0.1:::
moodlemoodle2.0.4cpe:/a:moodle:moodle:2.0.4:::

Vendor	Product	Version	CPE
moodle	moodle	2.0.3	cpe:/a:moodle:moodle:2.0.3:::
moodle	moodle	2.0.2	cpe:/a:moodle:moodle:2.0.2:::
moodle	moodle	2.0.5	cpe:/a:moodle:moodle:2.0.5:::
moodle	moodle	2.0.0	cpe:/a:moodle:moodle:2.0.0:::
moodle	moodle	2.0.1	cpe:/a:moodle:moodle:2.0.1:::
moodle	moodle	2.0.4	cpe:/a:moodle:moodle:2.0.4:::