Moodle KSES HTML Filter Bypass Vulnerability - Advisories

Moodle KSES HTML Filter Bypass Vulnerability

Secunia Advisory:	SA31017
Release Date:	2008-07-09

Critical:	Less critical
Impact:	Security Bypass
Where:	From remote
Solution Status:	Vendor Workaround

Software:	Moodle 1.6.x Moodle 1.7.x

CVE reference:	CVE-2008-1502 (Secunia mirror)



Description: Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA30986 Solution: Fixed in recent nightly versions of the 1.7.x or 1.6.x branches. Upgrade to version 1.8.5 or 1.9. Provided and/or discovered by: Lukasz Pilorz, Allegro.pl Original Advisory: http://moodle.org/mod/forum/discuss.php?d=95031



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

4 Related Secunia Security Advisories

1. Moodle Script Insertion and Cross-Site Request Forgery

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

2.	HP-UX update for Apache

3.	R "javareconf" Insecure Temporary Files

4.	Quick Poll "id" SQL Injection Vulnerability

5.	Honeyd "test.sh" Insecure Temporary Files

6.	Tiger "genmsgidx" Insecure Temporary Files

7.	Red Hat update for tomcat

8.	Ampache "gather-message s.sh" Insecure Temporary Files

9.	JustSystems Ichitaro Products Unspecified Code Execution Vulnerability

10.	Citadel "migrate_aliase s.sh" Insecure Temporary Files