Description
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
Remediation
References
Related Vulnerabilities
WordPress Plugin MainWP Child Reports SQL Injection (2.0.7)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-1302)
MySQL CVE-2021-2061 Vulnerability (CVE-2021-2061)
Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.2.0 - 3.9.15)
WordPress Plugin GS Portfolio for Envato Cross-Site Scripting (1.3.8)