Description

message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.

Remediation

References

CVE-2015-0214

Related Vulnerabilities

Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-34429)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Scripting (13.1.0.9)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Cross-Site Request Forgery (2.0.1.6)

WordPress Plugin Audio Record Arbitrary File Upload (1.0)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-2110)

Severity

Medium

Classification

CVE-2015-0214 CWE-264

Tags

Missing Update Known Vulnerabilities