WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4402)

Description

webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.

Remediation

References

Related Vulnerabilities

WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Scripting (2.6.11)

WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-3294)

Mailman Other Vulnerability (CVE-2002-0855)

IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)

Severity

Medium

Classification

CVE-2012-4402 CWE-264

Tags

Missing Update Known Vulnerabilities