Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Moodle Incorrect Authorization Vulnerability (CVE-2022-0984) - Vulnerability Database

Moodle Incorrect Authorization Vulnerability (CVE-2022-0984)

Description

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

References

CVE-2022-0984

Related Vulnerabilities

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275) Critical
Common tags: Missing Update Known Vulnerabilities
Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-10688) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-10242) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10243) Critical
Common tags: Missing Update Known Vulnerabilities
ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252) High
Common tags: Missing Update Known Vulnerabilities

Severity

Medium

Classification

CVE-2022-0984
CWE-863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update
Known Vulnerabilities