Description

lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.

Remediation

References

CVE-2012-5472

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2001-0567)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.22.8)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6830)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6521)

Severity

Medium

Classification

CVE-2012-5472 CWE-264

Tags

Missing Update Known Vulnerabilities