CVE-2012-2366

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

Date published : 2012-07-20

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31763

http://openwall.com/lists/oss-security/2012/05/23/2