WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5266)

Description

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.

Remediation

References

Related Vulnerabilities

WordPress Plugin Simple Ads Manager Denial of Service (2.9.3.114)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6211)

WordPress Plugin Lana Email Logger Cross-Site Scripting (1.0.2)

Atlassian Jira CVE-2018-5231 Vulnerability (CVE-2018-5231)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2021-23841)

Severity

Medium

Classification

CVE-2015-5266 CWE-264 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities