Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Permissions Privileges and Access Controls Vulnerability - CVE-2016-2155 - Vulnerability Database
Moodle

Moodle Permissions Privileges and Access Controls Vulnerability - CVE-2016-2155

Medium
Reference: CVE-2016-2155
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-2155
Title: Moodle Permissions Privileges and Access Controls Vulnerability
Overview:

The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11 2.9.x before 2.9.5 and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability which allows remote authenticated users to modify quotExclude gradequot settings by leveraging the Non-Editing Instructor role.