Description
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2024-21058 Vulnerability (CVE-2024-21058)
WordPress Plugin Thrive Quiz Builder Security Bypass (2.3.9.3)
WordPress Plugin Conditional Payments for WooCommerce Cross-Site Request Forgery (2.3.1)
WordPress Plugin Admin Management Xtended Privilege Escalation (2.4.0)
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-20502)