CVE-2012-2358

Priority
Low
Description
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3
allows remote authenticated users to bypass an activity's read-only state
and modify the database by leveraging the student role and editing database
activity entries that already exist.
References
Notes
 jdstrand> moodle 2.0 and higher
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.9.9.dfsg2-6)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 15.10 (Wily Werewolf):ignored (reached end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 16.10 (Yakkety Yak):needs-triage
Patches:
Upstream:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31811
More Information

Updated: 2016-08-01 16:16:09 UTC (commit 11295)