Description

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

Remediation

References

CVE-2012-2366

Related Vulnerabilities

WordPress Plugin Google Maps by BestWebSoft Cross-Site Scripting (1.3.5)

WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Unspecified Vulnerability (11.6)

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

WordPress Plugin Localize My Post Local File Inclusion (1.0)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36260)

Severity

Medium

Classification

CVE-2012-2366

Tags

Missing Update Known Vulnerabilities