VYPR
Unrated severityNVD Advisory· Published Sep 19, 2012· Updated Jun 16, 2026

CVE-2012-4402

CVE-2012-4402

Description

webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • Moodle/Moodle16 versions
    cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
    • (no CPE)range: >=2.1.0,<2.1.8 || >=2.2.0,<2.2.5 || >=2.3.0,<2.3.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.