CVE-2016-3729

Published: Apr 20, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Affected (44)

Products: Moodle: Moodle

Moodle

1 product

Moodle

Configuration A

44 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 2.7.0
Moodle Moodle	Version 2.7.0 beta
Moodle Moodle	Version 2.7.0 rc1
Moodle Moodle	Version 2.7.0 rc2
Moodle Moodle	Version 2.7.10
Moodle Moodle	Version 2.7.11
Moodle Moodle	Version 2.7.12
Moodle Moodle	Version 2.7.13
Moodle Moodle	Version 2.7.1
Moodle Moodle	Version 2.7.2
Moodle Moodle	Version 2.7.3
Moodle Moodle	Version 2.7.4
Moodle Moodle	Version 2.7.5
Moodle Moodle	Version 2.7.6
Moodle Moodle	Version 2.7.7
Moodle Moodle	Version 2.7.8
Moodle Moodle	Version 2.7.9
Moodle Moodle	Version 2.8.0
Moodle Moodle	Version 2.8.10
Moodle Moodle	Version 2.8.11
Moodle Moodle	Version 2.8.1
Moodle Moodle	Version 2.8.2
Moodle Moodle	Version 2.8.3
Moodle Moodle	Version 2.8.4
Moodle Moodle	Version 2.8.5
Moodle Moodle	Version 2.8.6
Moodle Moodle	Version 2.8.7
Moodle Moodle	Version 2.8.8
Moodle Moodle	Version 2.8.9
Moodle Moodle	Version 2.9.0
Moodle Moodle	Version 2.9.1
Moodle Moodle	Version 2.9.2
Moodle Moodle	Version 2.9.3
Moodle Moodle	Version 2.9.4
Moodle Moodle	Version 2.9.5
Moodle Moodle	Version 3.0.0
Moodle Moodle	Version 3.0.0 beta
Moodle Moodle	Version 3.0.0 rc1
Moodle Moodle	Version 3.0.0 rc2
Moodle Moodle	Version 3.0.0 rc3
Moodle Moodle	Version 3.0.0 rc4
Moodle Moodle	Version 3.0.1
Moodle Moodle	Version 3.0.2
Moodle Moodle	Version 3.0.3