Description

notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field.

Remediation

References

CVE-2013-1834

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3549)

WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)

WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder Security Bypass (7.8.7)

WordPress Plugin Levo Slideshow Multiple Vulnerabilities (2.3)

PostgreSQL Arbitrary Code Execution Vulnerbality (CVE-2020-25696)

Severity

Medium

Classification

CVE-2013-1834 CWE-264

Tags

Missing Update Known Vulnerabilities