Description

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.

Remediation

References

CVE-2012-2356

Related Vulnerabilities

Moodle CVE-2023-23923 Vulnerability (CVE-2023-23923)

Drupal Core 9.3.x Cross-Site Scripting (9.3.0 - 9.3.18)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)

MySQL CVE-2019-2507 Vulnerability (CVE-2019-2507)

MySQL CVE-2020-14791 Vulnerability (CVE-2020-14791)

Severity

Medium

Classification

CVE-2012-2356 CWE-264

Tags

Missing Update Known Vulnerabilities