Description

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

Remediation

References

CVE-2012-2366

Related Vulnerabilities

XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)

WordPress Plugin WP BaiDu Submit Cross-Site Scripting (1.2.1)

Apache Tomcat 7PK - Errors Vulnerability (CVE-2016-8745)

WebLogic CVE-2022-21453 Vulnerability (CVE-2022-21453)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2010-3933)

Severity

Medium

Classification

CVE-2012-2366

Tags

Missing Update Known Vulnerabilities