Moodle Missing Authorization Vulnerability (CVE-2019-10187)

Description

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.

Remediation

References

CVE-2019-10187

Related Vulnerabilities

WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1)

Microsoft SQL Server CVE-2024-0056 Vulnerability (CVE-2024-0056)

Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)

Squid Improper Input Validation Vulnerability (CVE-2013-1839)

WordPress Plugin GigPress 'Notes' Field HTML Injection (2.1.10)

Severity

Medium

Classification

CVE-2019-10187 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N