VYPR
Get started
← All advisories
Medium severity6.8NVD Advisory· Published Feb 22, 2016· Updated May 6, 2026

CVE-2015-5266

CVE-2015-5266

Description

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
>= 2.7.0, < 2.7.102.7.10
moodle/moodlePackagist
>= 2.8.0, < 2.8.82.8.8
moodle/moodlePackagist
>= 2.9.0, < 2.9.22.9.2

Affected products

21
  • Moodle/Moodle21 versions
    cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.6.11
    • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*

Patches

4
936facab28d8

MDL-50744 enrol_meta: fix incorrect role assign (#2)

https://github.com/moodle/moodleMarina GlancySep 11, 2015via ghsa
commit
1 file changed · +2 2
  • enrol/meta/locallib.php+2 2 modified
    @@ -216,7 +216,7 @@ protected static function user_not_supposed_to_be_here($instance, $ue, context_c
 
         if ($unenrolaction == ENROL_EXT_REMOVED_UNENROL) {
             // Purges grades, group membership, preferences, etc. - admins were warned!
-            $plugin->unenrol_user($instance, $ue->userid, null, 0, 0, $ue->status);
+            $plugin->unenrol_user($instance, $userid);
 
         } else if ($unenrolaction == ENROL_EXT_REMOVED_SUSPEND) {
             if ($ue->status != ENROL_USER_SUSPENDED) {
@@ -309,7 +309,7 @@ function enrol_meta_sync($courseid = NULL, $verbose = false) {
             }
         }
 
-        $meta->enrol_user($instance, $ue->userid, $ue->status);
+        $meta->enrol_user($instance, $ue->userid, null, 0, 0, $ue->status);
         if ($verbose) {
             mtrace("  enrolling: $ue->userid ==> $instance->courseid");
         }
dff6cdc88355

MDL-50744 enrol_meta: fix incorrect role assign

https://github.com/moodle/moodleMarina GlancySep 2, 2015via ghsa
commit
1 file changed · +1 1
  • enrol/meta/locallib.php+1 1 modified
    @@ -216,7 +216,7 @@ protected static function user_not_supposed_to_be_here($instance, $ue, context_c
 
         if ($unenrolaction == ENROL_EXT_REMOVED_UNENROL) {
             // Purges grades, group membership, preferences, etc. - admins were warned!
-            $plugin->unenrol_user($instance, $userid);
+            $plugin->unenrol_user($instance, $ue->userid, null, 0, 0, $ue->status);
 
         } else if ($unenrolaction == ENROL_EXT_REMOVED_SUSPEND) {
             if ($ue->status != ENROL_USER_SUSPENDED) {
f7fbc80766b7

MDL-50744 enrol_meta: fix incorrect role assign

https://github.com/moodle/moodleMarina GlancySep 2, 2015via ghsa
commit
1 file changed · +1 1
  • enrol/meta/locallib.php+1 1 modified
    @@ -216,7 +216,7 @@ protected static function user_not_supposed_to_be_here($instance, $ue, context_c
 
         if ($unenrolaction == ENROL_EXT_REMOVED_UNENROL) {
             // Purges grades, group membership, preferences, etc. - admins were warned!
-            $plugin->unenrol_user($instance, $userid);
+            $plugin->unenrol_user($instance, $ue->userid, null, 0, 0, $ue->status);
 
         } else if ($unenrolaction == ENROL_EXT_REMOVED_SUSPEND) {
             if ($ue->status != ENROL_USER_SUSPENDED) {
ab006d43e48a

MDL-50744 enrol_meta: fix incorrect role assign

https://github.com/moodle/moodleMarina GlancySep 2, 2015via ghsa
commit
1 file changed · +1 1
  • enrol/meta/locallib.php+1 1 modified
    @@ -314,7 +314,7 @@ function enrol_meta_sync($courseid = NULL, $verbose = false) {
             }
         }
 
-        $meta->enrol_user($instance, $ue->userid, $ue->status);
+        $meta->enrol_user($instance, $ue->userid, null, 0, 0, $ue->status);
         if ($instance->customint2) {
             groups_add_member($instance->customint2, $ue->userid, 'enrol_meta', $instance->id);
         }

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

10

News mentions

0

No linked articles in our index yet.