Description

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

Remediation

References

CVE-2015-5342

Related Vulnerabilities

MySQL CVE-2021-2122 Vulnerability (CVE-2021-2122)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2009-0033)

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-38745)

Beego Framework Improper Certificate Validation Vulnerability (CVE-2024-40464)

WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)

Severity

Medium

Classification

CVE-2015-5342 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities