Vadim Dvorovenko

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.0 through 3.0.3 Moodle versions 2.9 through 2.9.5 Moodle versions 2.8 through 2.8.11 Moodle versions 2.7 through 2.7.13 Moodle versions prior to 2.7 **Description** The user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator. **Recommendations** For Moodle versions 3.0 through 3.0.3, update to a version outside of this range to mitigate the risk. For Moodle versions 2.9 through 2.9.5, update to a version outside of this range to mitigate the risk. For Moodle versions 2.8 through 2.8.11, update to a version outside of this range to mitigate the risk. For Moodle versions 2.7 through 2.7.13, update to a version outside of this range to mitigate the risk. For Moodle versions prior to 2.7, update to a version outside of this range to mitigate the risk.