CVE-2015-5272

The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-02-22 05:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-5272

Mitre link : CVE-2015-5272

CVE.ORG link : CVE-2015-5272


JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-264

Permissions, Privileges, and Access Controls