Description

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.

Remediation

References

CVE-2014-0129

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)

WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting (1.2.5)

PHP Improper Input Validation Vulnerability (CVE-2013-3735)

WordPress Plugin Youtube Channel Gallery Cross-Site Scripting (2.4)

WordPress Plugin CM Pop-Up banners for WordPress Cross-Site Scripting (1.4.10)

Severity

Medium

Classification

CVE-2014-0129 CWE-264

Tags

Missing Update Known Vulnerabilities