Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.

Remediation

References

CVE-2012-2355

Related Vulnerabilities

OpenSSL Improper Input Validation Vulnerability (CVE-2015-1787)

LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-11455)

WordPress Plugin WPS Hide Login Cross-Site Request Forgery (1.0)

WordPress Plugin Image News slider Arbitrary File Upload (3.5)

WordPress Plugin WP Inventory Manager Cross-Site Scripting (1.7.8)

Severity

Medium

Classification

CVE-2012-2355 CWE-264

Tags

Missing Update Known Vulnerabilities