DSA-1986-1: Moodle vulnerabilities
If you are a user of the Moodle packages on Debian or Ubuntu (or any other derivative), see Debian Security Advisory 1986-1.

Package : moodle
Vulnerability : several vulnerabilities
Problem type : remote
CVE IDs : CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301 CVE-2009-4302 CVE-2009-4303 CVE-2009-4305
Debian Bugs : 559531

Several vulnerabilities have been discovered in Moodle, an online
course management system. The Common Vulnerabilities and Exposures
project identifies the following problems:

Multiple cross-site request forgery (CSRF) vulnerabilities have been

It has been discovered that the LAMS module is prone to the disclosure
of user account information.

The Glossary module has an insufficient access control mechanism.

Moodle does not properly check permissions when the MNET service is
enabled, which allows remote authenticated servers to execute arbitrary

The login/index_form.html page links to an HTTP page instead of using an
SSL secured connection.

Moodle stores sensitive data in backup files, which might make it
possible for attackers to obtain them.

It has been discovered that the SCORM module is prone to an SQL