#VU48448 Improper access control in Moodle - CVE-2020-25700

 

Published: November 16, 2020


Vulnerability identifier: #VU48448
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-25700
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Moodle
Software vendor:
moodle.org

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because some database module web services allowed students to add entries within groups they did not belong to. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.


Remediation

Install updates from the vendor's website.
