CVE-2012-6101

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
moodlemoodle
2.2.0
moodlemoodle
2.2.1
moodlemoodle
2.2.2
moodlemoodle
2.2.3
moodlemoodle
2.2.4
moodlemoodle
2.2.5
moodlemoodle
2.2.6
moodlemoodle
2.3.0
moodlemoodle
2.3.1
moodlemoodle
2.3.2
moodlemoodle
2.3.3
moodlemoodle
2.4.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
hardy
ignored
lucid
not-affected
oneiric
not-affected
precise
not-affected
quantal
ignored
raring
ignored
saucy
not-affected
trusty
dne
Common Weakness Enumeration
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991
http://openwall.com/lists/oss-security/2013/01/21/1
https://moodle.org/mod/forum/discuss.php?d=220162
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991
http://openwall.com/lists/oss-security/2013/01/21/1
https://moodle.org/mod/forum/discuss.php?d=220162