MSA-17-0005: SQL injection via user preferences

by Marina Glancy.  

...
Description:PoC was presented of SQL injection by an ordinary registered user on Moodle 3.2 via web interface. Similar scenario could be used in previous versions of Moodle but only by managers/admins and only via web services.
Issue summary:Remote Code Execution @ 3.2.1
Severity/Risk:Serious
Versions affected:3.2 to 3.2.1,
Leer más...

MSA-17-0004: XSS in assignment submission page

by Marina Glancy.  

...
Description:HTML injection with potential XSS attack was possible by modifying URL for assignment submission and tricking another user into following it
Issue summary:XSS in assignment submission page
Severity/Risk:Minor
Versions affected:3.2 and 3.1 to 3.1.3
Versions fixed:3.2.1 and 3.1.4 (also backported to 2.7.18 and 3.0.8
Leer más...

MSA-17-0003: PHPMailer vulnerability in no-reply address

by Marina Glancy.  

...
Description:Security vulnerability was reported against PHPMailer, third party library used by Moodle. As a result Moodle improved validation of no-reply address (that can only be configured by admin), all other fields were already properly sanitized. This issue only affect sites that leave $CFG->smtphosts empty.
Issue
Leer más...

MSA-17-0002: Incorrect sanitation of attributes in forums

by Marina Glancy.  

...
Description:Forum post author can change too many fields when editing the post
Issue summary:Incorrect sanitation of attributes
Severity/Risk:Minor
Versions affected:3.2, 3.1 to 3.1.3, 3.0 to 3.0.7, 2.9 to 2.9.9, 2.8 to 2.8.12, 2.7 to 2.7.17 and earlier unsupported versions
Versions fixed:3.2.1, 3.1.4, 3.0.8 and 2.7.18
Reported
Leer más...