Description

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

Remediation

References

CVE-2016-3732

Related Vulnerabilities

WordPress Plugin Contact Form by WPForms-Drag & Drop Form Builder for WordPress Cross-Site Scripting (1.5.8.2)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Request Forgery (2.0.39)

OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)

WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)

Oracle Application Server Other Vulnerability (CVE-2002-0560)

Severity

Medium

Classification

CVE-2016-3732 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities