Description

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

Remediation

References

CVE-2015-5264

Related Vulnerabilities

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-1434)

TYPO3 Uncontrolled Recursion Vulnerability (CVE-2022-23500)

WordPress Plugin Pods-Custom Content Types and Fields Malicious Code (3.2.3)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14166)

Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1675)

Severity

Medium

Classification

CVE-2015-5264 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities