Security announcements

MSA-17-0002: Incorrect sanitation of attributes in forums

Settings

• MSA-17-0001: System file inclusion when adding own preset file in Boost theme
• MSA-17-0003: PHPMailer vulnerability in no-reply address

Display mode Display replies flat, with oldest first Display replies flat, with newest first Display replies in threaded form Display replies in nested form

MSA-17-0002: Incorrect sanitation of attributes in forums

by Marina Glancy - Tuesday, January 17, 2017, 12:06 PM

Number of replies: 0

Description:	Forum post author can change too many fields when editing the post
Issue summary:	Incorrect sanitation of attributes
Severity/Risk:	Minor
Versions affected:	3.2, 3.1 to 3.1.3, 3.0 to 3.0.7, 2.9 to 2.9.9, 2.8 to 2.8.12, 2.7 to 2.7.17 and earlier unsupported versions
Versions fixed:	3.2.1, 3.1.4, 3.0.8 and 2.7.18
Reported by:	Anshul Jain
Issue no.:	MDL-56225
CVE identifier:	CVE-2017-2576
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56225

Permalink

• MSA-17-0001: System file inclusion when adding own preset file in Boost theme
• MSA-17-0003: PHPMailer vulnerability in no-reply address