Description

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Remediation

References

CVE-2024-48899

Related Vulnerabilities

WordPress Plugin Newsletter-Send awesome emails from WordPress SQL Injection (3.0.8)

WordPress Plugin Twitter Button by BestWebSoft Cross-Site Scripting (2.54)

Sqlite Improper Input Validation Vulnerability (CVE-2017-13685)

Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699)

Zope Web Application Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2012-5507)

Severity

Medium

Classification

CVE-2024-48899 CWE-639 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities