PT-2017-1085 · Moodle · Moodle
Author: Juan Leyva
Published: 2017-01-20 · Updated: 2020-12-01
CVE-2016-8643

| CVSS v3.1 | 4.3 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.x through 3.x
Description
The issue is insufficient access control in the administration service of the Moodle learning management system. This can potentially allow a remote attacker to compromise the confidentiality of information. Non-admin site managers may accidentally edit admin accounts via web services.
Recommendations
For Moodle versions 2.x through 3.x, restrict access to web services for non-admin site managers to prevent accidental editing of admin accounts.
As a temporary workaround, consider disabling web services for non-admin site managers until a proper fix is implemented.
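The check that the description and recommendation above imply, as an added example that is not Moodle's own code: a user-update web service must refuse a caller who is not a site administrator when the target account is a site administrator. The site-admin flag, the `can_update_user` and `update_users` functions and the sample user table are constructed for the example and stand in for Moodle's own user and site-admin configuration.

```php
<?php
// Added example, not Moodle's own code. Models the access check a user-update
// web service needs so that a caller who is not a site administrator cannot
// modify an account that is a site administrator. Site-admin status lives in
// a constructed in-memory array rather than in Moodle's tables.

declare(strict_types=1);

// Constructed sample data: user id => record. 'siteadmin' stands in for
// membership in Moodle's site administrators list.
$users = [
    1 => ['username' => 'admin',   'email' => 'admin@example.invalid',   'siteadmin' => true],
    2 => ['username' => 'manager', 'email' => 'manager@example.invalid', 'siteadmin' => false],
    3 => ['username' => 'student', 'email' => 'student@example.invalid', 'siteadmin' => false],
];

/**
 * Decide whether $callerid may update $targetid.
 *
 * Assumed rule, mirroring the advisory's recommendation: only a site
 * administrator may change a site administrator's account. The ordinary
 * capability checks for non-admin targets are out of scope here.
 */
function can_update_user(array $users, int $callerid, int $targetid): bool
{
    if (!isset($users[$callerid], $users[$targetid])) {
        return false;                       // unknown caller or target: deny
    }
    if ($users[$targetid]['siteadmin'] && !$users[$callerid]['siteadmin']) {
        return false;                       // non-admin touching an admin account
    }
    return true;
}

/**
 * Hypothetical stand-in for an update-users web service function. Returns the
 * updated user table; throws on a denied update so nothing is partially applied.
 */
function update_users(array $users, int $callerid, array $updates): array
{
    // Authorise every requested change before applying any of them, so a
    // batch containing one forbidden target changes nothing at all.
    foreach ($updates as $targetid => $fields) {
        if (!can_update_user($users, $callerid, $targetid)) {
            throw new RuntimeException("caller $callerid may not update user $targetid");
        }
    }
    foreach ($updates as $targetid => $fields) {
        $users[$targetid] = array_merge($users[$targetid], $fields);
    }
    return $users;
}

// Manager (id 2) updating a student (id 3): allowed.
$users = update_users($users, 2, [3 => ['email' => 'new-student@example.invalid']]);
echo $users[3]['email'], PHP_EOL;

// Manager (id 2) updating the site admin (id 1): denied, table unchanged.
try {
    update_users($users, 2, [1 => ['email' => 'changed@example.invalid']]);
} catch (RuntimeException $e) {
    echo 'denied: ', $e->getMessage(), PHP_EOL;
}
```

The point of authorising the whole batch before applying any change is that a multi-user update request cannot be used to slip an admin account in among permitted targets; a single denied target rejects the request as a whole.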
Weakness Enumeration
Improper Access Control

Related Identifiers
CVE-2016-8643

Affected Products
Moodle