Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7832)

Description

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.

Remediation

References

Related Vulnerabilities

MongoDb Improper Certificate Validation Vulnerability (CVE-2023-1409)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3946)

Jetty Insufficient Session Expiration Vulnerability (CVE-2021-34428)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1190)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.35)

Severity

Medium

Classification

CVE-2014-7832 CWE-264

Tags

Missing Update Known Vulnerabilities