Description
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
Remediation
References
Related Vulnerabilities
Sqlite Use After Free Vulnerability (CVE-2020-11656)
Oracle Database Server CVE-2019-2517 Vulnerability (CVE-2019-2517)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)
Oracle Application Server CVE-2008-0340 Vulnerability (CVE-2008-0340)
WordPress Plugin 1 Flash Gallery Cross-Site Scripting and SQL Injection Vulnerabilities (0.2.5)