Description

mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

Remediation

References

CVE-2014-7834

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2006-1796)

WordPress Plugin Software License Manager Cross-Site Scripting (4.4.7)

WordPress Plugin BA Book Everything Cross-Site Scripting (1.3.24)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3673)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3)

Severity

Medium

Classification

CVE-2014-7834 CWE-264

Tags

Missing Update Known Vulnerabilities