Description

mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

Remediation

References

CVE-2014-7834

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37251)

Oracle JRE CVE-2013-2455 Vulnerability (CVE-2013-2455)

WordPress Plugin Smush Image Compression and Optimization Multiple Vulnerabilities (2.9.1)

WordPress Plugin YITH PayPal Express Checkout for WooCommerce Security Bypass (1.2.5)

WordPress Plugin Count per Day Search Bar Cross-Site Scripting (3.2.2)

Severity

Medium

Classification

CVE-2014-7834 CWE-264

Tags

Missing Update Known Vulnerabilities