Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Remediation

References

CVE-2016-3729

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7849)

WebLogic CVE-2018-3213 Vulnerability (CVE-2018-3213)

Microsoft SQL Server CVE-2023-36730 Vulnerability (CVE-2023-36730)

WordPress Plugin JW Player 6 Cross-Site Scripting (2.1.14)

WordPress Plugin Better Click To Tweet Unspecified Vulnerability (5.1)

Severity

Medium

Classification

CVE-2016-3729 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities