Arbitrary Database Activity Preset Overwrite in Moodle 2.1.x and 2.2.x

Arbitrary Database Activity Preset Overwrite in Moodle 2.1.x and 2.2.x

CVE-2012-2366 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

Learn more about our User Device Pen Test.