Description
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.
Remediation
References
Related Vulnerabilities
Magento Improper Input Validation Vulnerability (CVE-2022-42344)
SharePoint Origin Validation Error Vulnerability (CVE-2020-16951)
WordPress Plugin Tickera-WordPress Event Ticketing Unspecified Vulnerability (3.4.6.7)
WordPress Plugin RSS Redirect & Feedburner Alternative Unspecified Vulnerability (1.9)
WordPress Improper Input Validation Vulnerability (CVE-2014-9038)