Topic: | Access elevation in user edit form |
Severity: | Critical |
Versions affected: | 1.5.x <1.6.6 <1.7.3 |
Reported by: | Gustav Delius |
Issue no.: | MDL-11663 |
Solution: | upgrade to 1.6.6, 1.7.3 or any other latest stable release |
Patches: |
MOODLE_16_STABLE http://cvs.moodle.org/moodle/user/edit.php?r1=1.112.2.4&r2=1.112.2.4.2.1 MOODLE_17_STABLE http://cvs.moodle.org/moodle/user/edit.php?r1=1.126.2.5&r2=1.126.2.6 |
Description:
Gustav Delius discovered and reported critical security problem in user editing interface which allows any registered user to significantly elevate his/her own permissions.