UBUNTU-CVE-2012-2366

Source
https://ubuntu.com/security/CVE-2012-2366
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2366.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2012-2366
Upstream
  • CVE-2012-2366
Withdrawn
2025-07-18T16:42:46Z
Published
2012-07-21T03:38:00Z
Modified
2025-07-16T07:17:01.262170Z
Severity
  • Ubuntu - medium
Summary
[none]
Details

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

References

Affected packages

Ubuntu:14.04:LTS / moodle

Package

Name
moodle
Purl
pkg:deb/ubuntu/moodle@2.5.4-1ubuntu1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.4-1ubuntu1

Affected versions

2.*
2.5.2-1
2.5.3-1
2.5.3-2
2.5.3-3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "moodle",
            "binary_version": "2.5.4-1ubuntu1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-2366.json"