2 matches found
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
PT-2023-13770 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to insufficient limitations in some quiz web services, allowing students to bypass sequential navigation during a quiz attempt. Recommendations: At the moment, there is ...