CVE-2016-3729

MEDIUM

Moodle <3.0.3, <2.9.5, <2.8.11, <2.7.13 - Privilege Escalation

Title source: llm

Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Scores

CVSS v3 6.5
EPSS 0.0038
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE CWE-284
Status published

Affected Products (46)

moodle/moodle

Timeline

Published Apr 20, 2017
Tracked Since Feb 18, 2026