Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Remediation

References

CVE-2016-3729

Related Vulnerabilities

Oracle Database Server CVE-2013-5764 Vulnerability (CVE-2013-5764)

Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)

OpenVPN AS Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2020-36382)

Oracle Database Server CVE-2008-2587 Vulnerability (CVE-2008-2587)

WordPress Plugin Another WordPress Classifieds Arbitrary File Upload (3.3.2)

Severity

Medium

Classification

CVE-2016-3729 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities