moodle -- multiple vulnerabilities

2016-05-18T00:00:00
ID 8656CF5F-4170-11E6-8DFE-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2016-05-18T00:00:00

Description

Marina Glancy reports:

MSA-16-0013: Users are able to change profile fields that were locked by the administrator. MSA-16-0015: Information disclosure of hidden forum names and sub-names. MSA-16-0016: User can view badges of other users without proper permissions. MSA-16-0017: Course idnumber not protected from teacher restore. MSA-16-0018: CSRF in script marking forum posts as read.