Description

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

Remediation

References

CVE-2016-3732

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6297)

Joomla! Core 3.x.x Cross-Site Scripting (3.1.2 - 3.8.7)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14331)

WordPress Plugin WooCommerce PHP Object Injection (3.2.3)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4602)

Severity

Medium

Classification

CVE-2016-3732 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities