CVE-2016-2159

First published: Sun May 22 2016(Updated: )

The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Moodle Moodle	<=2.6.11
Moodle Moodle	=2.7.0
Moodle Moodle	=2.7.1
Moodle Moodle	=2.7.2
Moodle Moodle	=2.7.3
Moodle Moodle	=2.7.4
Moodle Moodle	=2.7.5
Moodle Moodle	=2.7.6
Moodle Moodle	=2.7.7
Moodle Moodle	=2.7.8
Moodle Moodle	=2.7.9
Moodle Moodle	=2.7.10
Moodle Moodle	=2.7.11
Moodle Moodle	=2.7.12
Moodle Moodle	=2.8.0
Moodle Moodle	=2.8.1
Moodle Moodle	=2.8.2
Moodle Moodle	=2.8.3
Moodle Moodle	=2.8.4
Moodle Moodle	=2.8.5
Moodle Moodle	=2.8.6
Moodle Moodle	=2.8.7
Moodle Moodle	=2.8.8
Moodle Moodle	=2.8.9
Moodle Moodle	=2.8.10
Moodle Moodle	=2.9.0
Moodle Moodle	=2.9.1
Moodle Moodle	=2.9.2
Moodle Moodle	=2.9.3
Moodle Moodle	=2.9.4
Moodle Moodle	=3.0.0
Moodle Moodle	=3.0.1
Moodle Moodle	=3.0.2
composer/moodle/moodle	>=3.0<3.0.3	3.0.3
composer/moodle/moodle	>=2.9<2.9.5	2.9.5
composer/moodle/moodle	>=2.8<2.8.11	2.8.11
composer/moodle/moodle	>=2.7<2.7.13	2.7.13

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-cw72-69wq-f9f2
alias/CVE-2016-2159
agent/software-canonical-lookup
agent/weakness
agent/references
agent/severity
agent/description
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
agent/trending
vendor/moodle
canonical/moodle moodle
version/moodle moodle/2.6.11
version/moodle moodle/2.7.0
version/moodle moodle/2.7.1
version/moodle moodle/2.7.2
version/moodle moodle/2.7.3
version/moodle moodle/2.7.4
version/moodle moodle/2.7.5
version/moodle moodle/2.7.6
version/moodle moodle/2.7.7
version/moodle moodle/2.7.8
version/moodle moodle/2.7.9
version/moodle moodle/2.7.10
version/moodle moodle/2.7.11
version/moodle moodle/2.7.12
version/moodle moodle/2.8.0
version/moodle moodle/2.8.1
version/moodle moodle/2.8.2
version/moodle moodle/2.8.3
version/moodle moodle/2.8.4
version/moodle moodle/2.8.5
version/moodle moodle/2.8.6
version/moodle moodle/2.8.7
version/moodle moodle/2.8.8
version/moodle moodle/2.8.9
version/moodle moodle/2.8.10
version/moodle moodle/2.9.0
version/moodle moodle/2.9.1
version/moodle moodle/2.9.2
version/moodle moodle/2.9.3
version/moodle moodle/2.9.4
version/moodle moodle/3.0.0
version/moodle moodle/3.0.1
version/moodle moodle/3.0.2
package-manager/composer

CVE-2016-2159

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact