WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7846)

Description

tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request.

Remediation

References

Related Vulnerabilities

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.3.5)

WordPress Plugin Peter's Math Anti-Spam Audio CAPTCHA Security Bypass (0.1.6)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1153)

Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815)

WordPress Plugin Email Verification for WooCommerce Unspecified Vulnerability (1.8.1)

Severity

Medium

Classification

CVE-2014-7846 CWE-264

Tags

Missing Update Known Vulnerabilities