mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-24T11:00:00

Updated: 2024-08-06T13:03:27.459Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7833

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-11-24T11:59:03.757

Modified: 2024-11-21T02:18:06.190

Link: CVE-2014-7833

cve-icon Redhat

No data.