Description

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.

Remediation

References

CVE-2015-5331

Related Vulnerabilities

Microsoft SQL Server CVE-2023-21705 Vulnerability (CVE-2023-21705)

MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10678)

Oracle Application Server CVE-2008-0344 Vulnerability (CVE-2008-0344)

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)

WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (10.0.1)

Severity

Medium

Classification

CVE-2015-5331 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities