Description

The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.

Remediation

References

CVE-2014-0127

Related Vulnerabilities

Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3527)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-3221)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.23)

PHP Other Vulnerability (CVE-2009-4017)

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Privilege Escalation (2.3.3)

Severity

Medium

Classification

CVE-2014-0127 CWE-264

Tags

Missing Update Known Vulnerabilities