Description

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.

Remediation

References

CVE-2015-5331

Related Vulnerabilities

WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4297)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.32.7212)

Squid Improper Input Validation Vulnerability (CVE-2009-2622)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple Cross-Site Scripting Vulnerabilities (4.0.7)

Severity

Medium

Classification

CVE-2015-5331 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities