Description

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.

Remediation

References

CVE-2012-3392

Related Vulnerabilities

WordPress Plugin WC Duplicate Order Unspecified Vulnerability (1.3)

Moodle Credentials Management Errors Vulnerability (CVE-2014-7845)

WordPress Plugin Updater by BestWebSoft Cross-Site Scripting (1.34)

WordPress Plugin Active Products Tables for WooCommerce. Best and Professional products tables for WooCommerce store Cross-Site Scripting (1.0.3.1)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4029)

Severity

Medium

Classification

CVE-2012-3392

Tags

Missing Update Known Vulnerabilities