CVE-2015-5331

Sažetak

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426
https://moodle.org/mod/forum/discuss.php?d=323228

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

01-12-2020 - 14:52

Objavljeno

22-02-2016 - 05:59