What is CVE-2015-5266?

CVE-2015-5266 is a medium-severity vulnerability in Moodle, classified under CWE-264. CVSS score: 6.8/10. Published 2016-02-22.

How severe is CVE-2015-5266?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Moodle

CVE-2015-5266

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances…

EPSS: 0.002 (48.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Moodle — versions 2.7.0, 2.7.1, 2.7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20150921 Moodle security release (mailing-list, x_refsource_MLIST)
1033619 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-5266?: CVE-2015-5266 is a medium-severity vulnerability in Moodle, classified under CWE-264. CVSS score: 6.8/10. Published 2016-02-22.
How severe is CVE-2015-5266?: Medium severity. CVSS v3 base score is 6.8 out of 10.