Lucene search
Veracode Vulnerability DatabaseVERACODE:4386HistoryJun 07, 2017 - 3:09 a.m.
Unauthorized Outcome Editing
2017-06-0703:09:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
EPSS
0.001
Percentile
46.6%
Moodle is vulnerable to unauthorized outcome editing. This is possible because grade/edit/outcome/edit_form.php does not properly enforce the moodle/grade:manage capability of users when editing the outcome. Therefore, an authenticated user with the teacher role can set a custom outcome to a standard outcome when re-editing an outcome.
Related
cve
cve
CVE-2012-6098
2013-01-27 22:55:03
cvelist
cvelist
CVE-2012-6098
2013-01-27 22:00:00
prion
prion
Design/Logic Flaw
2013-01-27 22:55:00
ubuntucve
ubuntucve
CVE-2012-6098
2013-01-27 00:00:00
nvd
nvd
CVE-2012-6098
2013-01-27 22:55:03
nessus
nessus
Moodle 2.1.x < 2.1.10 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.2.x < 2.2.7 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.3.x < 2.3.4 Multiple Vulnerabilities
2016-07-21 00:00:00