Description
A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities
Remediation
References
Related Vulnerabilities
WordPress Plugin Podlove Podcast Publisher Cross-Site Scripting (3.8.2)
WordPress 4.0 Multiple Vulnerabilities (4.0)
Liferay DXP Inefficient Regular Expression Complexity Vulnerability (CVE-2022-42124)
WordPress Plugin Calendar Event Multi View SQL Injection (1.01)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1831)