First published: Thu Dec 22 2011(Updated: )
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/moodle/moodle | >=2.1<2.1.3 | 2.1.3 |
composer/moodle/moodle | >=2.0<2.0.6 | 2.0.6 |
composer/moodle/moodle | <1.9.15 | 1.9.15 |
Moodle Moodle | =2.0.2 | |
Moodle Moodle | =1.9.4 | |
Moodle Moodle | =1.9.1 | |
Moodle Moodle | =1.9.6 | |
Moodle Moodle | =1.9.9 | |
Moodle Moodle | =2.0.1 | |
Moodle Moodle | =1.9.11 | |
Moodle Moodle | =2.1.2 | |
Moodle Moodle | =2.0.4 | |
Moodle Moodle | =1.9.2 | |
Moodle Moodle | =1.9.12 | |
Moodle Moodle | =1.9.10 | |
Moodle Moodle | =2.0.3 | |
Moodle Moodle | =2.1.1 | |
Moodle Moodle | =1.9.3 | |
Moodle Moodle | =2.0.5 | |
Moodle Moodle | =1.9.13 | |
Moodle Moodle | =1.9.5 | |
Moodle Moodle | =1.9.14 | |
Moodle Moodle | =1.9.8 | |
Moodle Moodle | =1.9.7 | |
Moodle Moodle | =2.0.0 | |
Moodle Moodle | =2.1.0 | |
Moodle Moodle | =2.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.