Description

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.

Remediation

References

CVE-2022-0985

Related Vulnerabilities

WordPress Plugin Faster and Easier scroll to Top for WordPress-Smart Scroll to Top Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.3)

WordPress Plugin Gallery for Social Photo Cross-Site Request Forgery (1.0.0.27)

Drupal Core 9.0.x Directory Traversal (9.0.0 - 9.0.14)

phpMyFAQ Uncaught Exception Vulnerability (CVE-2023-0790)

WordPress Plugin SEO-Dashboard by gutewebsites.de Cross-Site Scripting (1.2.5)

Severity

Medium

Classification

CVE-2022-0985 CWE-287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities