Unrated severityNVD Advisory· Published Dec 16, 2009· Updated Jun 16, 2026
CVE-2009-4301
CVE-2009-4301
Description
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
- (no CPE)range: <=1.8.10, <=1.9.6
Patches
Vulnerability mechanics
References
11- cvs.moodle.org/moodle/mnet/lib.phpnvdPatch
- cvs.moodle.org/moodle/mnet/lib.phpnvdPatch
- docs.moodle.org/en/Moodle_1.8.11_release_notesnvdPatch
- docs.moodle.org/en/Moodle_1.9.7_release_notesnvdPatch
- moodle.org/mod/forum/discuss.phpnvdPatchVendor Advisory
- www.securityfocus.com/bid/37244nvdPatch
- secunia.com/advisories/37614nvdVendor Advisory
- www.vupen.com/english/advisories/2009/3455nvdVendor Advisory
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.htmlnvd
News mentions
0No linked articles in our index yet.