Description
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.
Related Vulnerabilities
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0327)
WordPress Plugin WP Sitemap Page Cross-Site Scripting (1.6.4)
TYPO3 Improper Input Validation Vulnerability (CVE-2013-4250)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21025)