Description

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

Remediation

References

CVE-2015-5264

Related Vulnerabilities

WordPress Plugin Uploadify Integration Multiple Cross-Site Scripting Vulnerabilities (0.9.6)

WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3)

Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465)

WordPress Plugin Book appointment online Cross-Site Scripting (1.38)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3539)

Severity

Medium

Classification

CVE-2015-5264 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities