Medium severity6.5NVD Advisory· Published Apr 20, 2017· Updated May 13, 2026
CVE-2016-3729
CVE-2016-3729
Description
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.0, < 3.0.3 | 3.0.3 |
moodle/moodlePackagist | >= 2.9, < 2.9.6 | 2.9.6 |
moodle/moodlePackagist | >= 2.8, < 2.8.12 | 2.8.12 |
moodle/moodlePackagist | >= 2.7, < 2.7.14 | 2.7.14 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.openwall.com/lists/oss-security/2016/05/17/4nvdMailing ListThird Party AdvisoryWEB
- www.securitytracker.com/id/1035902nvdThird Party AdvisoryVDB EntryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-g96h-wvrm-c2wwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-3729ghsaADVISORY
News mentions
0No linked articles in our index yet.