Description

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.

Remediation

References

CVE-2014-0129

Related Vulnerabilities

Sqlite Other Vulnerability (CVE-2022-46908)

Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.8.7)

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10321)

MySQL CVE-2015-4752 Vulnerability (CVE-2015-4752)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34911)

Severity

Medium

Classification

CVE-2014-0129 CWE-264

Tags

Missing Update Known Vulnerabilities