VulnerableCode Vulnerability Details - VCID-j6nc-cnze-53dr

Search for vulnerabilities

Vulnerability details: VCID-j6nc-cnze-53dr

Essentials
Severities (11)
References (11)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-j6nc-cnze-53dr
Aliases	CVE-2011-4203 GHSA-4w8m-96v9-2c86
Summary	Moodle CRLF Injection Vulnerability in Calendar Component CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-94	Improper Control of Generation of Code ('Code Injection')

System	Score	Found at
generic_textual	MODERATE	http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle
epss	0.00245	https://api.first.org/data/v1/epss?cve=CVE-2011-4203
epss	0.00245	https://api.first.org/data/v1/epss?cve=CVE-2011-4203
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-4w8m-96v9-2c86
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/581e8dba387f090d89382115fd850d8b44351526
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/ae7cc577b7115a7ad7a68dc4986aca9e2bda2cf5
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/bc577df6a974606fcb0882b090b00ea5a4e10cf6
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/e311b14364719b0f7851149ee51c1a4ec732635e
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=191754
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-4203

Reference id	Reference type	URL
		http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle
		http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/
		https://api.first.org/data/v1/epss?cve=CVE-2011-4203
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/581e8dba387f090d89382115fd850d8b44351526
		https://github.com/moodle/moodle/commit/ae7cc577b7115a7ad7a68dc4986aca9e2bda2cf5
		https://github.com/moodle/moodle/commit/bc577df6a974606fcb0882b090b00ea5a4e10cf6
		https://github.com/moodle/moodle/commit/e311b14364719b0f7851149ee51c1a4ec732635e
		https://moodle.org/mod/forum/discuss.php?d=191754
		https://nvd.nist.gov/vuln/detail/CVE-2011-4203
GHSA-4w8m-96v9-2c86		https://github.com/advisories/GHSA-4w8m-96v9-2c86

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.47706
EPSS Score	0.00245
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:29:27.456416+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4w8m-96v9-2c86/GHSA-4w8m-96v9-2c86.json	36.1.3