CVE-2012-3392 | Vulnerability Database | Aqua Security

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	2.1.0 (including)	2.1.0 (including)
Moodle	Moodle	2.1.1 (including)	2.1.1 (including)
Moodle	Moodle	2.1.2 (including)	2.1.2 (including)
Moodle	Moodle	2.1.3 (including)	2.1.3 (including)
Moodle	Moodle	2.1.4 (including)	2.1.4 (including)
Moodle	Moodle	2.1.5 (including)	2.1.5 (including)
Moodle	Moodle	2.1.6 (including)	2.1.6 (including)
Moodle	Moodle	2.2.0 (including)	2.2.0 (including)
Moodle	Moodle	2.2.1 (including)	2.2.1 (including)
Moodle	Moodle	2.2.2 (including)	2.2.2 (including)
Moodle	Moodle	2.2.3 (including)	2.2.3 (including)
Moodle	Ubuntu	artful	*
Moodle	Ubuntu	hardy	*
Moodle	Ubuntu	quantal	*
Moodle	Ubuntu	raring	*
Moodle	Ubuntu	saucy	*
Moodle	Ubuntu	upstream	*
Moodle	Ubuntu	utopic	*
Moodle	Ubuntu	vivid	*
Moodle	Ubuntu	wily	*
Moodle	Ubuntu	yakkety	*
Moodle	Ubuntu	zesty	*

References

http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=refs%2Fheads%2FMOODLE_22_STABLE\u0026st=commit\u0026s=MDL-31460
http://openwall.com/lists/oss-security/2012/07/17/1
http://secunia.com/advisories/49890
http://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76958
http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=refs%2Fheads%2FMOODLE_22_STABLE\u0026st=commit\u0026s=MDL-31460
http://openwall.com/lists/oss-security/2012/07/17/1
http://secunia.com/advisories/49890
http://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76958

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3392
CWE	https://cwe.mitre.org/data/definitions/16.html