Profile Field Editing Vulnerability in Moodle Versions 2.7 through 3.0.3

Profile Field Editing Vulnerability in Moodle Versions 2.7 through 3.0.3

CVE-2016-3729 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Learn more about our User Device Pen Test.