Description

lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.

Remediation

References

CVE-2012-6102

Related Vulnerabilities

WordPress Plugin Catch Import Export Security Bypass (1.8)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'adrotate-out.php' SQL Injection (3.6.6)

WordPress Plugin Facebook Members Cross-Site Scripting (7.0)

WordPress Plugin Ultimate Affiliate Pro Multiple Cross-Site Scripting Vulnerabilities (3.6)

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-19850)

Severity

Medium

Classification

CVE-2012-6102 CWE-264

Tags

Missing Update Known Vulnerabilities