Description

course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.

Remediation

References

CVE-2012-4408

Related Vulnerabilities

WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-3947)

WordPress Plugin Product Catalog SQL Injection (3.1.2)

Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-23498)

Severity

Medium

Classification

CVE-2012-4408 CWE-264

Tags

Missing Update Known Vulnerabilities