SB2013091606 - Multiple vulnerabilities in Moodle
Published: September 16, 2013 Updated: January 16, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Code Injection (CVE-ID: CVE-2013-3630)
The vulnerability allows a remote #AU# to read and manipulate data.
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
2) Input validation error (CVE-ID: CVE-2012-6087)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value.
3) SQL injection (CVE-ID: CVE-2013-4313)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
4) Cross-site scripting (CVE-ID: CVE-2013-4341)
Vulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 when processing a crafted blog link within an RSS feed. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
5) Code Injection (CVE-ID: CVE-2013-5674)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
Remediation
Install update from vendor's website.
References
- https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
- https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40615
- http://www.openwall.com/lists/oss-security/2013/01/03/1
- https://moodle.org/mod/forum/discuss.php?d=238393
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40676
- https://moodle.org/mod/forum/discuss.php?d=238396
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41623
- https://moodle.org/mod/forum/discuss.php?d=238399
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40924
- https://moodle.org/mod/forum/discuss.php?d=238397