CVE-2012-3392

General

Score: 5.5/10.0
Severity: Medium
Category: Configuration Error
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: Single

Related vulnerabilities

CVE-2012-3387, CVE-2012-3388, CVE-2012-3389, CVE-2012-3390, CVE-2012-3391, CVE-2012-3393, CVE-2012-3394, CVE-2012-3395, CVE-2012-3396, CVE-2012-3397, CVE-2012-3398

Published on 23/07/12 - Updated on 01/12/17

Description

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.

Category: Configuration Error

CWE-16 (Configuration)
Weaknesses in this category are typically introduced during the configuration of the software.

Security Notices

US National Vulnerability Database: CVE-2012-3392
Agence Nationale de la Sécurité des Systèmes d'Information: CERTA-2012-AVI-396
Renater: 2012/VULN280

Exploits

SecurityFocus: BID-54481

Related technologies

Vendor: moodle
Product: moodle
