Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-5266

Date: February 21, 2016

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.

Language: PHP

Severity Score

Related Resources (12)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744
https://nvd.nist.gov/vuln/detail/CVE-2015-5266
http://www.securitytracker.com/id/1033619
https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
https://github.com/moodle/moodle
https://moodle.org/mod/forum/discuss.php?d=320290
http://www.openwall.com/lists/oss-security/2015/09/21/1
https://github.com/moodle/moodle/commit/f7fbc80766b72ed1c9915698edd443ee8f6eafbd
https://github.com/moodle/moodle/commit/ab006d43e48add8e5495141d4d750c1531772ca2
https://github.com/moodle/moodle/commit/936facab28d8d8bd03f38da42cb80fafba1a06db
https://github.com/moodle/moodle/commit/dff6cdc88355f22ebaaf8f00c44a1ad51d272344
https://www.mend.io/vulnerability-database/CVE-2015-5266

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us