Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.

Remediation

References

CVE-2012-2355

Related Vulnerabilities

WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)

MySQL CVE-2020-14672 Vulnerability (CVE-2020-14672)

WordPress Plugin YITH WooCommerce Product Add-Ons Multiple Vulnerabilities (2.0.7)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.11)

Drupal Core 8.8.x Cross-Site Request Forgery (8.8.0 - 8.8.7)

Severity

Medium

Classification

CVE-2012-2355 CWE-264

Tags

Missing Update Known Vulnerabilities