CVE-2015-2271

Name of the Vulnerable Software and Affected Versions Moodle versions 2.5.9 and earlier, 2.6.x before 2.6.9, 2.7.x before 2.7.6, 2.8.x before 2.8.4

Description The issue is related to inadequate access control in the tag/user.php component of the Moodle learning management system. This allows remote authenticated users to bypass intended access restrictions. The "Flag as inappropriate" feature can be exploited to circumvent existing access limitations.

Recommendations For versions 2.5.9 and earlier, update to a version later than 2.5.9 to resolve the issue. For versions 2.6.x before 2.6.9, update to version 2.6.9 or later. For versions 2.7.x before 2.7.6, update to version 2.7.6 or later. For versions 2.8.x before 2.8.4, update to version 2.8.4 or later.