Caching Vulnerability in Moodle Allows Unauthorized Write Access to Temporary Directory

Caching Vulnerability in Moodle Allows Unauthorized Write Access to Temporary Directory

CVE-2011-4293 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.