mod/assign/externallib.php in Moodle 2.6.x prior to 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.6.0 |
||
moodle moodle 2.6.1 |