Description: | By tweaking URLs, users who were able to delete pages in at least one Wiki activity in the course were able to delete pages in other Wiki pages in the same course. |
Issue summary: | unvalidated parameters in mod/wiki/admin.php |
Severity/Risk: | Minor |
Versions affected: | 2.7 to 2.7.2, 2.6 to 2.6.5, 2.5 to 2.5.8 and earlier unsupported versions |
Versions fixed: | 2.8, 2.7.3, 2.6.6 and 2.5.9 |
Reported by: | Petr Skoda |
Issue no.: | MDL-47949 |
CVE identifier: | CVE-2014-7837 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949 |