Description
lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.
Remediation
References
Related Vulnerabilities
Apache Tomcat Missing Encryption of Sensitive Data Vulnerability (CVE-2026-34486)
Atlassian Confluence Uncontrolled Search Path Element Vulnerability (CVE-2021-43940)
WordPress 4.3.x Denial of Service Vulnerability (4.3 - 4.3.15)
WordPress Plugin Gravity Forms Advanced File Uploader Unspecified Vulnerability (1.18)