Description

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

Remediation

References

CVE-2015-5342

Related Vulnerabilities

Oracle JRE CVE-2013-2446 Vulnerability (CVE-2013-2446)

Apache Tomcat CVE-2023-34981 Vulnerability (CVE-2023-34981)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-0754)

Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2019-18801)

WordPress Plugin Olevmedia Shortcodes Multiple Cross-Site Scripting Vulnerabilities (1.1.9)

Severity

Medium

Classification

CVE-2015-5342 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities