Description

webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.

Remediation

References

CVE-2012-4402

Related Vulnerabilities

Lightbox Gallery Cross-Site Scripting (0.9.4)

MySQL CVE-2016-8283 Vulnerability (CVE-2016-8283)

Apache HTTP Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-6420)

Oracle JRE CVE-2020-2778 Vulnerability (CVE-2020-2778)

Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-43082)

Severity

Medium

Classification

CVE-2012-4402 CWE-264

Tags

Missing Update Known Vulnerabilities