Boletines de Vulnerabilidades

MSA-24-0002: Forum search accepted random parameters in its URL

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. The URL parameters accepted by forum search were not limited to the allowed parameters.Severity/Risk:MinorVersions affected:4.3 to 4.3.2, 4.2 to 4.2.5, 4.1 to 4.1.8 and earlier unsupported versionsVersions fixed:4.3.3, 4.2.6 and 4.1.9Reported by:Piotr WidakCVE identifier:CVE-2024-25979Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774Tracker issue:MDL-69774 Forum search accepted random parameters in its URL

More info:

https://moodle.org/mod/forum/discuss.php?d=455635&parent=1830378

Identificadores estándar
Propiedad Valor
CVE CVE-2024-25979.

Histórico de versiones
Versión Comentario Data
Ministerio de Defensa
CNI
CCN
CCN-CERT