Description
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
Remediation
References
Related Vulnerabilities
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)
SharePoint Authentication Bypass by Spoofing Vulnerability (CVE-2021-42320)
WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)
Oracle Application Server Other Vulnerability (CVE-2007-0286)