Home > Vulnerability Database > CVE-2015-5264

Mend.io Vulnerability Database

CVE-2015-5264

Date: February 21, 2016

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

Language: PHP

Severity Score

5.4

Related Resources (18)

Url: http://www.securitytracker.com/id/1033619

Url: https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619

Url: https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4

Url: https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84

Url: https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840

Url: http://www.openwall.com/lists/oss-security/2015/09/21/1

Url: https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869

Url: https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516

Url: https://moodle.org/mod/forum/discuss.php?d=320287

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-5264

Url: https://github.com/moodle/moodle

Url: https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc

Url: https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca

Url: https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091

Url: https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356

Url: https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d

Url: https://www.mend.io/vulnerability-database/CVE-2015-5264

Severity Score

5.4

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-5264

Date: February 21, 2016

Language: PHP

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?