Description

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

Remediation

References

CVE-2015-5264

Related Vulnerabilities

Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-4322)

WordPress Plugin VO Store Locator-WP Store Locator Unspecified Vulnerability (3.2.14)

WordPress Plugin Knews Multilingual Newsletters 'ff' Parameter Cross-Site Scripting (1.1.0)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-11628)

WordPress Plugin Magic Post Voice Cross-Site Scripting (1.2)

Severity

Medium

Classification

CVE-2015-5264 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities