Main Vulnerability Database Vulnerabilities #VU40463

Permissions, Privileges, and Access Controls in Moodle - CVE-2015-5272

Published: February 22, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40463

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-5272

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."

How to mitigate CVE-2015-5272

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576
http://www.openwall.com/lists/oss-security/2015/09/21/1
http://www.securitytracker.com/id/1033619
https://moodle.org/mod/forum/discuss.php?d=320288

Permissions, Privileges, and Access Controls in Moodle - CVE-2015-5272

Detailed vulnerability description

How to mitigate CVE-2015-5272

Sources

Please verify you're human