Description

course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.

Remediation

References

CVE-2012-4408

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-34464)

WordPress Plugin WP DSGVO Tools (GDPR) Security Bypass (3.1.23)

Oracle JRE CVE-2020-2654 Vulnerability (CVE-2020-2654)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.18)

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)

Severity

Medium

Classification

CVE-2012-4408 CWE-264

Tags

Missing Update Known Vulnerabilities