CVE-2014-0127

Moodle <2.3.11, <2.4.9, <2.5.5, <2.6.2 - Auth Bypass

Title source: llm
STIX 2.1

Description

The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2014/03/17/1
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=256417

Scores

EPSS 0.0017
EPSS Percentile 38.0%

Details

CWE
CWE-264
Status published
Products (50)
moodle/moodle 2.0.0
moodle/moodle 2.0.1
moodle/moodle 2.0.2
moodle/moodle 2.0.3
moodle/moodle 2.0.4
moodle/moodle 2.0.5
moodle/moodle 2.0.6
moodle/moodle 2.0.7
moodle/moodle 2.0.8
moodle/moodle 2.0.9
... and 40 more
Published Mar 24, 2014
Tracked Since Feb 18, 2026