CVE-2012-6098 | Date: (C)2013-01-28 (M)2023-12-22 |
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 4.0 |
Exploit Score: 8.0 |
Impact Score: 2.9 |
|
CVSS V2 Metrics: |
Access Vector: NETWORK |
Access Complexity: LOW |
Authentication: SINGLE |
Confidentiality: NONE |
Integrity: PARTIAL |
Availability: NONE |
| |