Description

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.

Remediation

References

CVE-2015-5266

Related Vulnerabilities

WordPress Plugin WP Academic People List Cross-Site Scripting (0.4.1)

WebLogic CVE-2018-3191 Vulnerability (CVE-2018-3191)

WordPress Plugin LearnPress-WordPress LMS Arbitrary File Write (3.2.2)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.5.8.1)

WordPress Plugin Allow PHP in Posts and Pages 'id' Parameter SQL Injection (2.0.0.RC1)

Severity

Medium

Classification

CVE-2015-5266 CWE-264 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities