PT-2017-17767 · Moodle · Moodle

Daniel Kosinski

Published

2017-05-15

Updated

2022-05-13

CVE-2017-7490

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions 2.x through 3.x

Description A missing capability check in Moodle allows for the searching of arbitrary blogs.

Recommendations For versions 2.x through 3.x, apply the necessary patch or update to include the capability check and restrict unauthorized access to blog searches.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

CVE-2017-7490

GHSA-9X63-M3CC-QF3G

Affected Products

Moodle

PT-2017-17767 · Moodle · Moodle

CVE-2017-7490

Weakness Enumeration

Related Identifiers

Affected Products

References · 8