VYPR
← All advisories
Moderate severityNVD Advisory· Published Nov 24, 2014· Updated May 6, 2026

CVE-2014-7833

CVE-2014-7833

Description

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
< 2.5.92.5.9
moodle/moodlePackagist
>= 2.6.0, < 2.6.62.6.6
moodle/moodlePackagist
>= 2.7.0, < 2.7.32.7.3

Affected products

19
  • Moodle/Moodle19 versions
    cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.4.11
    • cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*

Patches

4
cc375a22b95b

MDL-47697 mod_data: Fix group id change when editing.

https://github.com/moodle/moodleAdrian GreeveOct 28, 2014via ghsa
commit
1 file changed · +0 1
  • mod/data/edit.php+0 1 modified
    @@ -168,7 +168,6 @@
             $record->approved = 0;
         }
 
-        $record->groupid = $currentgroup;
         $record->timemodified = time();
         $DB->update_record('data_records', $record);
2c639e85a32a

MDL-47697 mod_data: Fix group id change when editing.

https://github.com/moodle/moodleAdrian GreeveOct 28, 2014via ghsa
commit
1 file changed · +0 1
  • mod/data/edit.php+0 1 modified
    @@ -168,7 +168,6 @@
             $record->approved = 0;
         }
 
-        $record->groupid = $currentgroup;
         $record->timemodified = time();
         $DB->update_record('data_records', $record);
3e312a16f48d

MDL-47697 mod_data: Fix group id change when editing.

https://github.com/moodle/moodleAdrian GreeveOct 28, 2014via ghsa
commit
1 file changed · +0 1
  • mod/data/edit.php+0 1 modified
    @@ -168,7 +168,6 @@
             $record->approved = 0;
         }
 
-        $record->groupid = $currentgroup;
         $record->timemodified = time();
         $DB->update_record('data_records', $record);
c4a6c65c1bd8

MDL-47697 mod_data: Fix group id change when editing.

https://github.com/moodle/moodleAdrian GreeveOct 28, 2014via ghsa
commit
1 file changed · +0 1
  • mod/data/edit.php+0 1 modified
    @@ -168,7 +168,6 @@
             $record->approved = 0;
         }
 
-        $record->groupid = $currentgroup;
         $record->timemodified = time();
         $DB->update_record('data_records', $record);

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

10

News mentions

0

No linked articles in our index yet.