Launchpad.net

CVE 2014-2572

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.

See the CVE page on Mitre.org for more details.