{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T15:25:57.429","vulnerabilities":[{"cve":{"id":"CVE-2018-1081","sourceIdentifier":"secalert@redhat.com","published":"2018-04-04T21:29:00.213","lastModified":"2024-11-21T03:59:08.370","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed."},{"lang":"es","value":"Se ha encontrado un error en Moodle 3.4 a 3.4.1, 3.3 a 3.3.4, 3.2 a 3.2.7 y 3.1 a 3.1.10, así como en versiones anteriores sin soporte. Los usuarios no autenticados pueden desencadenar mensajes personalizados para los administradores mediante un script de registro en paypal. El script de devolución de llamada IPN de Paypal solo debería enviar emails de error a admin tras haber verificado el origen de la petición; de otra forma, se puede spamear el email del admin."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.10","matchCriteriaId":"AEE2C318-E06D-4270-836A-48F07562EE3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndIncluding":"3.1.10","matchCriteriaId":"200A00D3-4328-447E-BB8C-24EF31AF7346"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndIncluding":"3.2.7","matchCriteriaId":"F93C840D-2475-4690-AB3E-BDAE71ED021F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndIncluding":"3.3.4","matchCriteriaId":"66AD26A5-3BB1-4C20-9017-F649D05EB12F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndIncluding":"3.4.1","matchCriteriaId":"EC5A1734-A655-46D2-B320-F3DF8AA822B6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/103728","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=367938","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/103728","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=367938","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}