CVE-2012-1168Improper Input Validation in Moodle

CWE-20Improper Input Validation5 documents3 sources
Severity
8.2HIGHNVD
EPSS
2.2%
top 15.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MoodleFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedNov 14
Latest updateApr 23

Description

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

NVDmoodle/moodle< 2.2.2
CVEListV5moodle/moodle2.0 to 2.0.7+, 2.1 to 2.1.4+, 2.2 to 2.2.1++2

Also affects: Fedora 15, 16, 17, Enterprise Linux 6.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

1
GHSA
GHSA-ccwc-3v75-qp35: Moodle before 22022-04-23

💬Community

3
Bugzilla
CVE-2012-1155 CVE-2012-1156 CVE-2012-1157 CVE-2012-1158 CVE-2012-1159 CVE-2012-1160 CVE-2012-1161 CVE-2012-1168 CVE-2012-1169 CVE-2012-1170 moodle: multiple security fixes in 2.2.2, 2.1.5, 2.0.8, 1.9.2012-04-02
Bugzilla
CVE-2012-1155 CVE-2012-1156 CVE-2012-1157 CVE-2012-1158 CVE-2012-1159 CVE-2012-1160 CVE-2012-1161 CVE-2012-1168 CVE-2012-1169 CVE-2012-1170 moodle: multiple security fixes in 2.2.2, 2.1.5, 2.0.8, 1.9.2012-04-02
Bugzilla
CVE-2012-1155 CVE-2012-1156 CVE-2012-1157 CVE-2012-1158 CVE-2012-1159 CVE-2012-1160 CVE-2012-1161 CVE-2012-1168 CVE-2012-1169 CVE-2012-1170 moodle: multiple security fixes in 2.2.2, 2.1.5, 2.0.8, 1.9.2012-04-02
CVE-2012-1168 — Improper Input Validation in Moodle | cvebase