Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Remediation

References

CVE-2016-3729

Related Vulnerabilities

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0327)

WordPress Plugin WP Sitemap Page Cross-Site Scripting (1.6.4)

TYPO3 Improper Input Validation Vulnerability (CVE-2013-4250)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21025)

Severity

Medium

Classification

CVE-2016-3729 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities