Home > Vulnerability Database > CVE-2016-3733

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2016-3733

Date: April 20, 2017

The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.

Language: PHP

Severity Score

4.3

Related Resources (10)

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369

Url: http://www.securitytracker.com/id/1035902

Url: https://github.com/moodle/moodle/commit/12c28574868d6f6e5c57fb63298c82cb8bdd0bb6

Url: http://www.openwall.com/lists/oss-security/2016/05/17/4

Url: https://github.com/moodle/moodle/commit/2950f9fb9128f9ae48e00b864da90be76c2bf139

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-3733

Url: https://github.com/moodle/moodle/commit/24b0c3c86ae96e46b87d6e9d6bcf4a6014dae8f0

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1335933

Url: https://github.com/moodle/moodle/commit/3c9d2b104023a8b9fdc5f4d7e136083babd2609a

Url: https://www.mend.io/vulnerability-database/CVE-2016-3733

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us