Description
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.
Remediation
References
Related Vulnerabilities
Jenkins Other Vulnerability (CVE-2020-2100)
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929)
WordPress Other Vulnerability (CVE-2007-3239)
WordPress Plugin Easy Testimonials Cross-Site Request Forgery (3.6.1)
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)