Description
mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Media File Manager Advanced Multiple Vulnerabilities (1.1.5)
ownCloud Session Fixation Vulnerability (CVE-2021-35948)
WordPress Plugin Football Pool Arbitrary File Upload (2.6.3)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.19)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (3.8.9)