CVE-2017-7532

Published: Jul 17, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In Moodle 3.x, course creators are able to change system default settings for courses.

Affected (22)

Products: Moodle: Moodle

1 product

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Version 3.1.0
Moodle Moodle	Version 3.1.0 beta
Moodle Moodle	Version 3.1.0 rc1
Moodle Moodle	Version 3.1.0 rc2
Moodle Moodle	Version 3.1.1
Moodle Moodle	Version 3.1.2
Moodle Moodle	Version 3.1.3
Moodle Moodle	Version 3.1.4
Moodle Moodle	Version 3.1.5
Moodle Moodle	Version 3.1.6
Moodle Moodle	Version 3.2.0
Moodle Moodle	Version 3.2.0 beta
Moodle Moodle	Version 3.2.0 rc1
Moodle Moodle	Version 3.2.0 rc2
Moodle Moodle	Version 3.2.0 rc3
Moodle Moodle	Version 3.2.0 rc4
Moodle Moodle	Version 3.2.0 rc5
Moodle Moodle	Version 3.2.1
Moodle Moodle	Version 3.2.2
Moodle Moodle	Version 3.2.3
Moodle Moodle	Version 3.3.0
Moodle Moodle	Version 3.3.1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://www.securityfocus.com/bid/99617

Source: cve@mitre.org

https://moodle.org/mod/forum/discuss.php?d=355556

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/99617

Source: af854a3a-2127-422b-91ae-364da2661108

https://moodle.org/mod/forum/discuss.php?d=355556

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.