Description
lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.
Remediation
References
Related Vulnerabilities
MySQL Other Vulnerability (CVE-2002-1921)
phpMyAdmin Other Vulnerability (CVE-2007-0095)
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)
MediaWiki Improper Access Control Vulnerability (CVE-2015-8001)
WordPress Plugin WP Responsive Testimonials Slider And Widget Cross-Site Scripting (1.5)