CVE-2016-8642: Moodle Unauthenticated Access

CVSS Score: 5.3 (CVSS 3.0)

Basic Information

EPSS Score: 0.44871%
Published: 5/13/2022
Updated: 11/2/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 3.1.0, <= 3.1.2 | 3.1.3 |
| moodle/moodle | composer | >= 3.0.0, <= 3.0.6 | 3.0.7 |
| moodle/moodle | composer | >= 2.9.0, <= 2.9.8 | 2.9.9 |
| moodle/moodle | composer | >= 2.8.0, <= 2.8.12 | |
| moodle/moodle | composer | >= 2.7.0, <= 2.7.16 | 2.7.17 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from missing question ID validation in file access checks. The patch adds $args[0] == $this->id validations to:

  1. Essay question's graderinfo access check
  2. Base question class's questiontext/generalfeedback handlers
  3. Combined feedback file checker

These missing checks allowed attackers to access files from other questions by manipulating the question ID parameter, bypassing access controls. The commit diff and CWE-284 classification confirm improper access control in these functions.
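The effect of the missing comparison, shown as an added example that is not Moodle's code or part of the original page. The class, method and property names are hypothetical, the inputs are constructed, and only the $args[0] == $this->id comparison comes from the patch description above:

```php
<?php
// Simplified model of a question's file access check. Names are hypothetical;
// only the $args[0] == $this->id comparison is taken from the patch description.
final class QuestionModel
{
    public function __construct(
        public readonly int $id,
        private readonly bool $feedbackVisible
    ) {}

    // Before the fix: the decision depends only on the file area and on what
    // the viewer may see. $args (the item ID and file name) is never inspected.
    public function checkFileAccessUnpatched(string $filearea, array $args): bool
    {
        return match ($filearea) {
            'questiontext' => true,
            'generalfeedback' => $this->feedbackVisible,
            default => false,
        };
    }

    // After the fix: the item ID in the request must also be this question's ID.
    // A missing ID fails closed.
    public function checkFileAccessPatched(string $filearea, array $args): bool
    {
        $itemid = isset($args[0]) ? (int) $args[0] : -1;
        if ($itemid !== $this->id) {
            return false;
        }
        return $this->checkFileAccessUnpatched($filearea, $args);
    }
}

// Constructed input: the check runs for question 101, while one request names
// an item ID (202) that belongs to a different question.
$question = new QuestionModel(101, true);
$cases = [
    'own file'     => ['questiontext', ['101', 'diagram.png']],
    'foreign file' => ['questiontext', ['202', 'diagram.png']],
    'missing id'   => ['generalfeedback', []],
];
foreach ($cases as $label => [$area, $args]) {
    $before = var_export($question->checkFileAccessUnpatched($area, $args), true);
    $after = var_export($question->checkFileAccessPatched($area, $args), true);
    printf("%-12s unpatched=%-5s patched=%s\n", $label, $before, $after);
}
```

The same comparison works as a review check for any file-serving callback: the object that authorizes the request and the item ID the file is fetched by must be tied together before access is granted.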

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
