Description
mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.
Remediation
References
Related Vulnerabilities
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8707)
MongoDb Insertion of Sensitive Information into Log File Vulnerability (CVE-2025-6711)
WordPress Plugin JiangQie Official Website Mini Program SQL Injection (1.1.0)
Internet Information Services Integer Overflow or Wraparound Vulnerability (CVE-2008-1446)