Moodle < 2.6 / 2.6.x < 2.6.9 / 2.7.x < 2.7.6 / 2.8.x < 2.8.4 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8726
SynopsisThe remote web server is hosting a web application that is vulnerable to multiple attack vectors.
DescriptionThe remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.4, and all previous releases are exposed to the following vulnerabilities :
- An information disclosure vulnerability affects user profile data. By modifying an unspecified URL, a logged in user can view the list of another user's contacts, number of unread messages, and a list of their courses. (MSA-15-0010 / CVE-2015-2266)
- An authentication bypass vulnerability affects mdeploy. This flaw makes it possible to extract files anywhere on the system where the web server has write access. Although it is quite difficult to exploit since the attacker must have an account, know details about the system, and already have significant permissions on the site. (MSA-15-0011 / CVE-2015-2267)
- A denial of service vulnerability exists as a result of using a non-optimal regular expression in the filter which converts links to URLs. Specifically, this vulnerability affects the 'filter.php' script. (MSA-15-0012 / CVE-2015/2268)
- A cross-site scripting (XSS) vulnerability affects Block Titles. It is possible to create HTML injection through blocks with configurable titles, however this could only be exploited by users who are already marked as 'XSS-trusted' on the site. (MSA-15-0013 / CVE-2015-2269)
- An information disclosure vulnerability affects some custom Moodle themes that use block regions in the base layout for inaccessible courses. The content of these blocks and much of the course-related information could be exposed. Most themes, including all standard Moodle themes, are not affected. (MSA-15-0014 / CVE-2015-2270)
- A security bypass vulnerability affects the 'tag/user.php' script due to the program failing to respect capabilities for arbitrary users. This may allow an authenticated remote attacker to mark tags as inappropriate. (MSA-15-0015 / CVE-2015-2271)
- A cross-site scripting (XSS) vulnerability exists in the quiz statistics report script, 'statistics_question_table.php'. Specifically, this issue occurs because Quiz statistics report does not properly escape student responses. (MSA-15-0017 / CVE-2015-2273)
SolutionUpgrade to Moodle version 2.8.4 or later. If your installation cannot be upgraded to 2.8.x, versions 2.7.6 and 2.6.9 are also patched for these vulnerabilities.