Main Vulnerability Database Vulnerabilities #VU38992

#VU38992 Improper Privilege Management in Moodle - CVE-2017-7489

Published: May 15, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38992

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-7489

CWE-ID: CWE-269

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

Install update from vendor's website.