CVE-2014-7846

2014-11-24T06:59:11
ID CVE-2014-7846
Type cve
Reporter NVD
Modified 2015-09-03T10:27:51

Description

tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request.