Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Remediation

References

CVE-2016-3729

Related Vulnerabilities

WordPress Plugin JC Coupon Cross-Site Scripting (2.5)

MySQL CVE-2015-4862 Vulnerability (CVE-2015-4862)

Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3923)

Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.3)

MySQL CVE-2019-2802 Vulnerability (CVE-2019-2802)

Severity

Medium

Classification

CVE-2016-3729 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities