vulnerability

Moodle: Improper Access Control (CVE-2019-10188)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:N/I:P/A:N)	Jul 31, 2019	Nov 7, 2019	Apr 7, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Jul 31, 2019

Added

Nov 7, 2019

Modified

Apr 7, 2026

Description

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz.

Solutions

moodle-upgrade-3_5_7moodle-upgrade-3_6_5moodle-upgrade-3_7_1

References

CVE-2019-10188
https://attackerkb.com/topics/CVE-2019-10188
CWE-284
EUVD-EUVD-2022-3277
http://www.securityfocus.com/bid/109178
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-3277
https://moodle.org/mod/forum/discuss.php?d=388569

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report