Moodle 2.7.x < 2.7.9 / 2.8.x < 2.8.7 / 2.9.x < 2.9.1 Multiple Vulnerabilities
Critical Nessus Network Monitor Plugin ID 8968
SynopsisThe remote web server is hosting a web application that is vulnerable to multiple attack vectors.
DescriptionMoodle, an open-source course management system, installed on the remote host is version 2.7.x prior to 2.7.9, 2.8.x prior to 2.8.7, or 2.9.x prior to 2.9.1, and is affected by multiple vulnerabilities :
- A flaw in the 'clean_param()' function in 'lib/moodlelib.php' that allows a cross-site redirection attack. This flaw exists because the application does not validate a certain parameter when generating error messages and allows a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. (CVE-2015-3272)
- A flaw in the 'mod/forum/post.php' script that is due to missing capability checks allowing an unauthorized remote attacker to post on the forum. (CVE-2015-3273)
- A flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the 'user_get_user_details()' function in the 'user/lib.php' script does not validate input to text profile fields before returning it to users allowing an authenticated remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2015-3274)
SolutionUpgrade to Moodle version 2.7.9, 2.8.7, or 2.9.1 or later.