Main Vulnerability Database Vulnerabilities #VU39161

Improper access control in Moodle - CVE-2016-3733

Published: April 21, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39161

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-3733

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.

How to mitigate CVE-2016-3733

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
http://www.openwall.com/lists/oss-security/2016/05/17/4
http://www.securitytracker.com/id/1035902
https://bugzilla.redhat.com/show_bug.cgi?id=1335933

Improper access control in Moodle - CVE-2016-3733

Detailed vulnerability description

How to mitigate CVE-2016-3733

Sources

Please verify you're human