Description
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2013-5764 Vulnerability (CVE-2013-5764)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)
OpenVPN AS Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2020-36382)
Oracle Database Server CVE-2008-2587 Vulnerability (CVE-2008-2587)
WordPress Plugin Another WordPress Classifieds Arbitrary File Upload (3.3.2)