CVE-2016-3733

MEDIUM

Moodle <3.0.3-<2.8.11 - Privilege Escalation

Title source: llm

Description

The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.

References (4)

[Patch, Vendor Advisory] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/05/17/4

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035902

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1335933

Scores

CVSS v3 4.3

EPSS 0.0044

EPSS Percentile 63.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-284

Status published

Affected Products (46)

n/a/n/a

moodle/moodle

... and 31 more

Timeline

Published Apr 20, 2017

Tracked Since Feb 18, 2026