CVE-2009-4298

NameCVE-2009-4298
DescriptionThe LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1986-1
NVD severitymedium (attack range: remote)
Debian Bugs559531

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moodlesource(unstable)1.8.2.dfsg-6medium559531
moodlesourcelenny1.8.2.dfsg-3+lenny3mediumDSA-1986-1

Notes

MSA-09-0023

Search for package or bug name: Reporting problems