CVE-2012-2366 Information

Description

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31763 http://openwall.com/lists/oss-security/2012/05/23/2