CVE-2016-3729

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

Published: Apr 20, 2017
Updated: Nov 9, 2025
CVE: CVE-2016-3729
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.7.1	2.7.1.x
moodle / moodle	2.7.0-rc2	2.7.0-rc2.x
moodle / moodle	2.8.3	2.8.3.x
moodle / moodle	2.8.7	2.8.7.x
moodle / moodle	2.7.6	2.7.6.x
moodle / moodle	2.7.11	2.7.11.x
moodle / moodle	2.7.2	2.7.2.x
moodle / moodle	2.7.4	2.7.4.x
moodle / moodle	2.9.4	2.9.4.x
moodle / moodle	2.8.9	2.8.9.x
moodle / moodle	2.7.9	2.7.9.x
moodle / moodle	2.8.10	2.8.10.x
moodle / moodle	2.8.4	2.8.4.x
moodle / moodle	2.8.6	2.8.6.x
moodle / moodle	3.0.2	3.0.2.x
moodle / moodle	2.7.12	2.7.12.x
moodle / moodle	3.0.0-beta	3.0.0-beta.x
moodle / moodle	3.0.0-rc3	3.0.0-rc3.x
moodle / moodle	3.0.0-rc4	3.0.0-rc4.x
moodle / moodle	2.7.0-beta	2.7.0-beta.x
moodle / moodle	2.7.10	2.7.10.x
moodle / moodle	2.7.5	2.7.5.x
moodle / moodle	3.0.1	3.0.1.x
moodle / moodle	2.7.3	2.7.3.x
moodle / moodle	2.8.8	2.8.8.x
moodle / moodle	2.7.0	2.7.0.x
moodle / moodle	3.0.0-rc1	3.0.0-rc1.x
moodle / moodle	3.0.0	3.0.0.x
moodle / moodle	2.9.1	2.9.1.x
moodle / moodle	2.8.1	2.8.1.x
moodle / moodle	2.9.5	2.9.5.x
moodle / moodle	2.7.0-rc1	2.7.0-rc1.x
moodle / moodle	3.0.0-rc2	3.0.0-rc2.x
moodle / moodle	2.8.11	2.8.11.x
moodle / moodle	2.8.5	2.8.5.x
moodle / moodle	2.7.13	2.7.13.x
moodle / moodle	3.0.3	3.0.3.x
moodle / moodle	2.9.2	2.9.2.x
moodle / moodle	2.7.8	2.7.8.x
moodle / moodle	2.9.3	2.9.3.x
moodle / moodle	2.8.2	2.8.2.x
moodle / moodle	2.7.7	2.7.7.x
moodle / moodle	2.8.0	2.8.0.x
moodle / moodle	2.9.0	2.9.0.x

Vulnerability Database

314,373

CVE-2016-3729

Deep Security Visibility Without the Complexity