Main Vulnerability Database Vulnerabilities #VU40453

Permissions, Privileges, and Access Controls in Moodle - CVE-2015-5342

Published: February 22, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40453

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-5342

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

How to mitigate CVE-2015-5342

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569
https://moodle.org/mod/forum/discuss.php?d=323237

Permissions, Privileges, and Access Controls in Moodle - CVE-2015-5342

Detailed vulnerability description

How to mitigate CVE-2015-5342

Sources

Please verify you're human