Description

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

Remediation

References

CVE-2012-2366

Related Vulnerabilities

WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (3.4.1)

Joomla! Core 2.5.x Clickjacking Vulnerability (2.5.0 - 2.5.7)

PHP Resource Management Errors Vulnerability (CVE-2006-1549)

Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-11784)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44449)

Severity

Medium

Classification

CVE-2012-2366

Tags

Missing Update Known Vulnerabilities