Description

The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."

Remediation

References

CVE-2015-5272

Related Vulnerabilities

Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2004-0150)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-4359)

WordPress Plugin Stars Menu Cross-Site Scripting (1.0.1)

WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.7.1.1)

Severity

Medium

Classification

CVE-2015-5272 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities