Moodle 2.7.x < 2.7.10 / 2.8.x < 2.8.8 / 2.9.x < 2.9.2 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 8969
SynopsisThe remote web server is hosting a web application that is vulnerable to multiple attack vectors.
DescriptionMoodle, an open-source course management system, installed on the remote host is version 2.7.x prior to 2.7.10, 2.8.x prior to 2.8.8, or 2.9.x prior to 2.9.2, and is affected by multiple vulnerabilities :
- A flaw due to the program failing to restrict users properly allowing an authenticated remote attacker to delete arbitrary files uploaded from other users. (CVE-2015-5265)
- A race condition in the 'enrol/meta/locallib.php' script that can allow suspended students to get assigned a manager role in meta course for several minutes allowing an authenticated remote attacker to gain elevated privileges. (CVE-2015-5266)
- A flaw in the 'complex_random_string()' function in the 'lib/moodlelib.php' script that is due to the limitation of PHP randomization. This can cause the program to create predictable password recovery tokens. (CVE-2015-5267)
- A flaw in the lesson module that is due to the program failing to protect against making new attempts to answer some questions allowing an authenticated remote attacker to re-attempt answering questions in the lesson. (CVE-2015-5264)
- A flaw in the rating component that is due to the program failing to check separate groups allowing an authenticated remote attacker to view ratings from other groups. (CVE-2015-5268)
- A flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the 'group/overview.php' script does not validate input to grouping descriptions before returning it to users. This may allow an authenticated, remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2015-5269)
- A flaw due to the program failing to check group access when posting to 'all participants' in forum allowing a remote attacker to bypass access restrictions and post to arbitrary locations. (CVE-2015-5272)
SolutionUpgrade to Moodle version 2.7.10, 2.8.8, or 2.9.2 or later.