Description

The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.

Remediation

References

CVE-2016-3733

Related Vulnerabilities

WordPress Cross-Site Scripting Vulnerability (3.9.3 - 4.2)

XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290)

MySQL CVE-2016-5442 Vulnerability (CVE-2016-5442)

Apache Tomcat Other Vulnerability (CVE-2011-1183)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4033)

Severity

Medium

Classification

CVE-2016-3733 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities