#VU39809 Improper access control in Moodle - CVE-2016-8642
Published: January 20, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39809
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-8642
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Moodle
Moodle
Software vendor:
moodle.org
moodle.org
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
Remediation
Install update from vendor's website.