Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Remediation

References

CVE-2016-3729

Related Vulnerabilities

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4629)

WordPress Plugin Premium SEO Pack Multiple Vulnerabilities (1.8.0)

WordPress Plugin WP Academic People List Cross-Site Scripting (0.4.1)

WordPress Plugin Simple Ads Manager Denial of Service (2.9.3.114)

WordPress Plugin Captcha Backdoor (4.4.4)

Severity

Medium

Classification

CVE-2016-3729 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities