Description

lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.

Remediation

References

CVE-2012-5472

Related Vulnerabilities

Oracle Database Server CVE-2015-4921 Vulnerability (CVE-2015-4921)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3747)

WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress CSV Injection (1.6.3)

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (3.34.5)

WordPress Plugin Simple Personal Message SQL Injection (1.0.3)

Severity

Medium

Classification

CVE-2012-5472 CWE-264

Tags

Missing Update Known Vulnerabilities