Description

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

Remediation

References

CVE-2015-5264

Related Vulnerabilities

Django Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33571)

WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)

Squid Improper Certificate Validation Vulnerability (CVE-2023-46724)

WordPress Plugin WooCommerce OpenPOS Arbitrary File Deletion (6.4.4)

WordPress Plugin Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)

Severity

Medium

Classification

CVE-2015-5264 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities