Main Vulnerability Database Vulnerabilities #VU43147

Permissions, Privileges, and Access Controls in Moodle - CVE-2012-6102

Published: January 28, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU43147

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-6102

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.

How to mitigate CVE-2012-6102

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244
http://openwall.com/lists/oss-security/2013/01/21/1
https://moodle.org/mod/forum/discuss.php?d=220163

Permissions, Privileges, and Access Controls in Moodle - CVE-2012-6102

Detailed vulnerability description

How to mitigate CVE-2012-6102

Sources

Please verify you're human