Description
mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization.
Remediation
References