Description

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

Remediation

References

CVE-2012-2366

Related Vulnerabilities

WordPress Plugin Simple Business Directory with Maps PHP Object Injection (3.6.0)

MySQL CVE-2016-5439 Vulnerability (CVE-2016-5439)

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.3)

Oracle JRE CVE-2013-1480 Vulnerability (CVE-2013-1480)

Question2Answer Improper Input Validation Vulnerability (CVE-2017-12775)

Severity

Medium

Classification

CVE-2012-2366

Tags

Missing Update Known Vulnerabilities