Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Remediation

References

CVE-2016-3729

Related Vulnerabilities

WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.1.42)

WordPress Plugin Watu Quiz Cross-Site Scripting (3.3.8.2)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2050)

MySQL CVE-2019-2826 Vulnerability (CVE-2019-2826)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-3630)

Severity

Medium

Classification

CVE-2016-3729 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities