Description
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2006-1869)
PHP Improper Input Validation Vulnerability (CVE-2007-3998)
PHP Resource Management Errors Vulnerability (CVE-2010-1917)
MySQL CVE-2020-14575 Vulnerability (CVE-2020-14575)
WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)