WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5266)

Description

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.

Remediation

References

Related Vulnerabilities

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-3294)

WordPress Plugin Consulting Elementor Widgets Local File Inclusion (1.3.0)

WordPress Plugin NextGEN Gallery-WordPress Gallery Security Bypass (3.1.6)

Apache Tomcat Numeric Errors Vulnerability (CVE-2012-0022)

WordPress Plugin Archive Posts Sort Customize Cross-Site Scripting (1.5)

Severity

Medium

Classification

CVE-2015-5266 CWE-264 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities