Description

In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.

Remediation

References

CVE-2016-8643

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4403)

Plone CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7293)

WordPress Plugin Import Spreadsheets from Microsoft Excel Cross-Site Scripting (10.1.3)

Oracle Database Server CVE-2006-1873 Vulnerability (CVE-2006-1873)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.3.10)

Severity

Medium

Classification

CVE-2016-8643 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities