Description

mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

Remediation

References

CVE-2014-7834

Related Vulnerabilities

WordPress Plugin Nelio AB Testing Directory Traversal (4.4.4)

WordPress Plugin SS Downloads Multiple Cross-Site Scripting Vulnerabilities (1.4.4.1)

WordPress Plugin Contact Form by BestWebSoft Cross-Site Request Forgery (3.82)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5314)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)

Severity

Medium

Classification

CVE-2014-7834 CWE-264

Tags

Missing Update Known Vulnerabilities