Primary

Context

Moodle Innovación y Cualificación Local Administration Plugin Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the Innovación y Cualificación local administration plugin, specifically in the ajax.php file. This vulnerability allows attackers to access sensitive information about other users, including their ID, name, login, and email address.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, such as IDs, names, login credentials, and email addresses.

Remediation

A new version has been released to address these vulnerabilities, and the update has been implemented in all affected installations. The process will be completed by December 2024.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Moodle Innovación y Cualificación Local Administration Plugin Broken Access Control Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating