Description

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

Remediation

References

CVE-2015-5264

Related Vulnerabilities

Jenkins CVE-2015-7538 Vulnerability (CVE-2015-7538)

WordPress Plugin WP Symposium Multiple Vulnerabilities (14.05.02)

GlassFish Improper Input Validation Vulnerability (CVE-2011-5035)

WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Cross-Site Request Forgery (3.4.31)

Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)

Severity

Medium

Classification

CVE-2015-5264 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities