Description

The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.

Remediation

References

CVE-2014-0127

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20507)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)

WordPress Plugin Ultimate Reviews PHP Object Injection (2.0.18)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7867)

WordPress Plugin CrossSlide jQuery Multiple Vulnerabilities (2.0.5)

Severity

Medium

Classification

CVE-2014-0127 CWE-264

Tags

Missing Update Known Vulnerabilities