Description

The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."

Remediation

References

CVE-2015-5272

Related Vulnerabilities

Oracle Application Server CVE-2009-1976 Vulnerability (CVE-2009-1976)

WordPress Plugin Realty by BestWebSoft Cross-Site Scripting (1.0.9)

WordPress Plugin WP Unique Article Header Image Cross-Site Request Forgery (1.0)

WordPress Plugin Great Restaurant Menu WP SQL Injection (1.4.1)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Cross-Site Request Forgery (2.7.2)

Severity

Medium

Classification

CVE-2015-5272 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities