Description
mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.
Remediation
References
Related Vulnerabilities
Claroline Other Vulnerability (CVE-2006-5256)
WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3)
WordPress Plugin Yasr-Yet Another Stars Rating PHP Object Injection (1.8.6)
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.5)
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3)