VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2237

CVE-2004-2237

Description

An unpatched string handling flaw in Moodle before 1.3.4 can lead to attacks of undisclosed impact or attack vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unpatched string handling flaw in Moodle before 1.3.4 can lead to attacks of undisclosed impact or attack vectors.

Vulnerability

A string handling vulnerability exists in Moodle versions prior to the 1.3.4 release [1]. The exact nature of the flaw is not publicly described, but it is triggered through processing of strings in Moodle texts [1]. No specific configuration or special privileges are required to reach the vulnerable code path, as the issue affects default text input fields.

Exploitation

An attacker can exploit this vulnerability by providing specially crafted strings in Moodle texts [1]. No authentication or elevated privileges are necessary; the attacker only needs the ability to submit text content to the application. The attack vector is remote via the web interface.

Impact

Successful exploitation of this vulnerability could result in unknown consequences [1]. Based on the limited disclosure, potential impacts include information disclosure or unauthorized modification of data, but the severity and exact mechanism remain undisclosed.

Mitigation

The vulnerability is fixed in Moodle version 1.3.4 [1]. Users are advised to upgrade to this or a later version. No workaround has been published. Moodle 1.3.4 was released on 26 May 2004.

References
  1. About Secunia Research | Flexera

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Moodle/Moodle8 versions
    cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*
    • (no CPE)range: < 1.3.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.