CVE-2016-2159

First published: Sun May 22 2016(Updated: )

The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.

Credit: secalert@redhat.com secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-cw72-69wq-f9f2
• alias/CVE-2016-2159
• agent/software-canonical-lookup
• agent/weakness
• agent/references
• agent/severity
• agent/description
• agent/softwarecombine
• agent/author
• collector/github-advisory
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/first-publish-date
• agent/event
• agent/trending
• agent/source
• agent/tags
• collector/nvd-cve
• source/NVD
• agent/software-canonical-lookup-request
• collector/nvd-index
• package-manager/composer
• vendor/moodle
• canonical/moodle
• version/moodle/2.6.11
• version/moodle/2.7.0
• version/moodle/2.7.1
• version/moodle/2.7.2
• version/moodle/2.7.3
• version/moodle/2.7.4
• version/moodle/2.7.5
• version/moodle/2.7.6
• version/moodle/2.7.7
• version/moodle/2.7.8
• version/moodle/2.7.9
• version/moodle/2.7.10
• version/moodle/2.7.11
• version/moodle/2.7.12
• version/moodle/2.8.0
• version/moodle/2.8.1
• version/moodle/2.8.2
• version/moodle/2.8.3
• version/moodle/2.8.4
• version/moodle/2.8.5
• version/moodle/2.8.6
• version/moodle/2.8.7
• version/moodle/2.8.8
• version/moodle/2.8.9
• version/moodle/2.8.10
• version/moodle/2.9.0
• version/moodle/2.9.1
• version/moodle/2.9.2
• version/moodle/2.9.3
• version/moodle/2.9.4
• version/moodle/3.0.0
• version/moodle/3.0.1
• version/moodle/3.0.2