Description

course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.

Remediation

References

CVE-2012-4408

Related Vulnerabilities

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.9.5.1)

Joomla! Core 3.x.x Security Bypass (3.7.0 - 3.8.11)

Ruby on Rails Resource Management Errors Vulnerability (CVE-2015-7581)

WordPress Plugin SS Downloads Multiple Cross-Site Scripting Vulnerabilities (1.4.4.1)

WordPress Plugin WP-Ban Cross-Site Scripting (1.69)

Severity

Medium

Classification

CVE-2012-4408 CWE-264

Tags

Missing Update Known Vulnerabilities