Description

lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.

Remediation

References

CVE-2012-6102

Related Vulnerabilities

WordPress Plugin Job Manager Cross-Site Scripting (0.7.25)

Oracle Database Server CVE-2015-0483 Vulnerability (CVE-2015-0483)

WordPress Plugin FoxyPress 'uploadify.php' Arbitrary File Upload (0.4.2.1)

WordPress Plugin WP Offload SES Lite Cross-Site Scripting (1.4.4)

WordPress Plugin PollDeep Arbitrary File Upload (1.2)

Severity

Medium

Classification

CVE-2012-6102 CWE-264

Tags

Missing Update Known Vulnerabilities