Description In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. Remediation References CVE-2016-8643 Related Vulnerabilities Oracle Database Server CVE-2015-4900 Vulnerability (CVE-2015-4900) WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420) WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Security Bypass (4.2.12) phpMyAdmin Improper Restriction of XML External Entity Reference Vulnerability (CVE-2011-4107) Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5647) Severity Medium Classification CVE-2016-8643 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities