Vulnerability Details CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v2 Score 6.4
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244
- http://openwall.com/lists/oss-security/2013/01/21/1
- https://moodle.org/mod/forum/discuss.php?d=220163
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244
- http://openwall.com/lists/oss-security/2013/01/21/1
- https://moodle.org/mod/forum/discuss.php?d=220163
Products affected by CVE-2012-6102
-
cpe:2.3:a:moodle:moodle:2.3.0
-
cpe:2.3:a:moodle:moodle:2.3.1
-
cpe:2.3:a:moodle:moodle:2.3.2
-
cpe:2.3:a:moodle:moodle:2.3.3
-
cpe:2.3:a:moodle:moodle:2.4.0