Search for vulnerabilities
Vulnerability details: VCID-9vnd-cada-2ufg
Vulnerability ID VCID-9vnd-cada-2ufg
Aliases CVE-2011-4301
GHSA-jcrj-gmr6-p5j8
Summary Moodle Allows Modification of Constants The `MoodleQuickForm` class in the Forms Library in `lib/formslib.php` in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API `setConstant` operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
generic_textual MODERATE http://moodle.org/mod/forum/discuss.php?d=188313
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2011-4301
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2011-4301
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=747444
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jcrj-gmr6-p5j8
generic_textual MODERATE https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c
generic_textual MODERATE https://github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba
generic_textual MODERATE https://github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8
generic_textual MODERATE https://github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-4301
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
http://moodle.org/mod/forum/discuss.php?d=188313
https://api.first.org/data/v1/epss?cve=CVE-2011-4301
https://bugzilla.redhat.com/show_bug.cgi?id=747444
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c
https://github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba
https://github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8
https://github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8
https://nvd.nist.gov/vuln/detail/CVE-2011-4301
GHSA-jcrj-gmr6-p5j8 https://github.com/advisories/GHSA-jcrj-gmr6-p5j8
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.50537
EPSS Score 0.00274
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:54.136874+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jcrj-gmr6-p5j8/GHSA-jcrj-gmr6-p5j8.json 36.1.3