Description

The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.

Remediation

References

CVE-2016-3733

Related Vulnerabilities

WordPress Plugin Classified Listing Store & Membership Cross-Site Scripting (1.4.19)

Oracle JRE CVE-2018-2588 Vulnerability (CVE-2018-2588)

WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15083)

WordPress Plugin Influencer Marketing & Press Release System Cross-Site Scripting (2.2)

Severity

Medium

Classification

CVE-2016-3733 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities