Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Access Control Vulnerability (CVE-2016-8642)

Description

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

Remediation

References

Related Vulnerabilities

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0616)

Apache HTTP Server Improper Locking Vulnerability (CVE-2009-2699)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42115)

ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-7658)

e107 Other Vulnerability (CVE-2004-2031)

Severity

Medium

Classification

CVE-2016-8642 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities