Published: 21/07/2012 Updated: 01/12/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Moodle 1.9.x prior to 1.9.18, 2.0.x prior to 2.0.9, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle 1.9.2
moodle moodle 1.9.1
moodle moodle 1.9.6
moodle moodle 1.9.5
moodle moodle 1.9.7
moodle moodle 1.9.15
moodle moodle 1.9.8
moodle moodle 1.9.10
moodle moodle 1.9.14
moodle moodle 1.9.11
moodle moodle 1.9.4
moodle moodle 1.9.9
moodle moodle 1.9.17
moodle moodle 1.9.16
moodle moodle 1.9.3
moodle moodle 1.9.12
moodle moodle 1.9.13
moodle moodle 2.0.6
moodle moodle 2.0.5
moodle moodle 2.0.4
moodle moodle 2.0.1
moodle moodle 2.0.7
moodle moodle 2.0.3
moodle moodle 2.0.2
moodle moodle 2.0.0
moodle moodle 2.0.8
moodle moodle 2.1.1
moodle moodle 2.1.3
moodle moodle 2.1.4
moodle moodle 2.1.2
moodle moodle 2.1.0
moodle moodle 2.1.5
moodle moodle 2.2.1
moodle moodle 2.2.0
moodle moodle 2.2.2

CWE-264 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 http://openwall.com/lists/oss-security/2012/05/23/2 https://moodle.org/mod/forum/discuss.php?d=203057 http://www.securityfocus.com/bid/53626 http://osvdb.org/82074 https://nvd.nist.gov

CVE-2012-2367

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect