Main Vulnerability Database Vulnerabilities #VU40453

#VU40453 Permissions, Privileges, and Access Controls in Moodle - CVE-2015-5342

Published: February 22, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40453

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-5342

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote authenticated user to manipulate data.

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

Remediation

Install update from vendor's website.

External links

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569
https://moodle.org/mod/forum/discuss.php?d=323237

#VU40453 Permissions, Privileges, and Access Controls in Moodle - CVE-2015-5342

Description

Remediation

External links

Please verify you're human