Vulnerability Details CVE-2016-3733
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.1%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
- http://www.openwall.com/lists/oss-security/2016/05/17/4
- http://www.securitytracker.com/id/1035902
- https://bugzilla.redhat.com/show_bug.cgi?id=1335933
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
- http://www.openwall.com/lists/oss-security/2016/05/17/4
- http://www.securitytracker.com/id/1035902
- https://bugzilla.redhat.com/show_bug.cgi?id=1335933
Products affected by CVE-2016-3733
-
cpe:2.3:a:moodle:moodle:2.7.0
-
cpe:2.3:a:moodle:moodle:2.7.1
-
cpe:2.3:a:moodle:moodle:2.7.10
-
cpe:2.3:a:moodle:moodle:2.7.11
-
cpe:2.3:a:moodle:moodle:2.7.12
-
cpe:2.3:a:moodle:moodle:2.7.13
-
cpe:2.3:a:moodle:moodle:2.7.2
-
cpe:2.3:a:moodle:moodle:2.7.3
-
cpe:2.3:a:moodle:moodle:2.7.4
-
cpe:2.3:a:moodle:moodle:2.7.5
-
cpe:2.3:a:moodle:moodle:2.7.6
-
cpe:2.3:a:moodle:moodle:2.7.7
-
cpe:2.3:a:moodle:moodle:2.7.8
-
cpe:2.3:a:moodle:moodle:2.7.9
-
cpe:2.3:a:moodle:moodle:2.8.0
-
cpe:2.3:a:moodle:moodle:2.8.1
-
cpe:2.3:a:moodle:moodle:2.8.10
-
cpe:2.3:a:moodle:moodle:2.8.11
-
cpe:2.3:a:moodle:moodle:2.8.2
-
cpe:2.3:a:moodle:moodle:2.8.3
-
cpe:2.3:a:moodle:moodle:2.8.4
-
cpe:2.3:a:moodle:moodle:2.8.5
-
cpe:2.3:a:moodle:moodle:2.8.6
-
cpe:2.3:a:moodle:moodle:2.8.7
-
cpe:2.3:a:moodle:moodle:2.8.8
-
cpe:2.3:a:moodle:moodle:2.8.9
-
cpe:2.3:a:moodle:moodle:2.9.0
-
cpe:2.3:a:moodle:moodle:2.9.1
-
cpe:2.3:a:moodle:moodle:2.9.2
-
cpe:2.3:a:moodle:moodle:2.9.3
-
cpe:2.3:a:moodle:moodle:2.9.4
-
cpe:2.3:a:moodle:moodle:2.9.5
-
cpe:2.3:a:moodle:moodle:3.0.0
-
cpe:2.3:a:moodle:moodle:3.0.1
-
cpe:2.3:a:moodle:moodle:3.0.2
-
cpe:2.3:a:moodle:moodle:3.0.3