Description

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.

Remediation

References

CVE-2014-2572

Related Vulnerabilities

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)

WordPress Plugin EWWW Image Optimizer Denial of Service (6.0.1)

WordPress Plugin Neuvoo Jobs Cross-Site Scripting (2.0)

XWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-24897)

WordPress Plugin Flash Photo Gallery Cross-Site Scripting (0.7)

Severity

Medium

Classification

CVE-2014-2572 CWE-264

Tags

Missing Update Known Vulnerabilities