Description
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.
Remediation
References
Related Vulnerabilities
WordPress 7PK - Security Features Vulnerability (CVE-2014-9039)
WordPress Plugin Shariff for WordPress Cross-Site Scripting (1.0.7)
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)
PHP CVE-2009-3559 Vulnerability (CVE-2009-3559)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (4.0.8)