Moodle is vulnerable to email address validation bypass. It does not validate the address allowing an authenticated user to launch attacks using this flaw.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 1.5.4 | |
moodle/moodle | le | 1.7.7 | |
moodle/moodle | le | 1.9.15 | |
moodle/moodle | le | 2.0.6 | |
moodle/moodle | le | 1.6.9 | |
moodle/moodle | le | 2.1.3 | |
moodle/moodle | le | 2.2.0 |
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-13572
moodle.org/mod/forum/discuss.php?d=194014
www.debian.org/security/2012/dsa-2421
bugzilla.redhat.com/show_bug.cgi?id=783532
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-13572
github.com/moodle/moodle/commit/f88a9ef3fb3fdd2a796a8ff4471fc8c6e9093b78
github.com/moodle/moodle/compare/464ad0a47e6fcf93f56b3943a2e16d59b61f909c...256f77ef943a3004258ee522b5ba3424776cf9dc
github.com/moodle/moodle/compare/58a44ab2281f487380658f86e5faecd51731c2af...358e5cf791369a6aaf2723b7795a096a01a35fbb
github.com/moodle/moodle/compare/e4fd72ad34dbe941a6f78578173f907e8356ebfb...8c3badee6bd1823efe1074ec04e6d39dc3f49df2
moodle.org/mod/forum/discuss.php?d=194014