Security Announcements

 
 
Picture of Petr Škoda
MSA-08-0001: Access elevation in user edit form
 
Topic:Access elevation in user edit form
Severity:Critical
Versions affected:1.5.x
<1.6.6
<1.7.3
Reported by:Gustav Delius
Issue no.:MDL-11663
Solution:upgrade to 1.6.6, 1.7.3 or any other latest stable release
Patches: MOODLE_16_STABLE http://cvs.moodle.org/moodle/user/edit.php?r1=1.112.2.4&r2=1.112.2.4.2.1
MOODLE_17_STABLE http://cvs.moodle.org/moodle/user/edit.php?r1=1.126.2.5&r2=1.126.2.6

Description:

Gustav Delius discovered and reported critical security problem in user editing interface which allows any registered user to significantly elevate his/her own permissions.