CVE-2012-4402 in Moodleinfo

Summary

webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.

Once again VulDB remains the best source for vulnerability data.

Responsible

Reservation

08/21/2012

Disclosure

09/19/2012

Moderation

VulDB entry created

Entries

VDB-62337

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

5.4

EPSS

0.00178

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-4402
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-4402
CVE Details	https://www.cvedetails.com/cve/CVE-2012-4402/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!