CVE-2015-0214

Name of the Vulnerable Software and Affected Versions Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.7 Moodle versions 2.7.x before 2.7.4 Moodle versions 2.8.x before 2.8.2

Description The issue is related to insufficient access control in the message/externallib.php component of the Moodle learning management system. This allows a remote authenticated user to bypass the messaging-disabled setting by sending a specially crafted web-services request. For example, this can be achieved through a people-search request.

Recommendations For Moodle versions 2.5.9 and earlier, update to version 2.6.7 or later. For Moodle versions 2.6.x before 2.6.7, update to version 2.6.7 or later. For Moodle versions 2.7.x before 2.7.4, update to version 2.7.4 or later. For Moodle versions 2.8.x before 2.8.2, update to version 2.8.2 or later.