Description

lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.

Remediation

References

CVE-2011-4296

Related Vulnerabilities

MySQL CVE-2019-2743 Vulnerability (CVE-2019-2743)

WordPress Plugin Word Balloon Cross-Site Scripting (4.19.2)

WordPress Plugin Twitter LiveBlog Cross-Site Request Forgery (1.1.2)

WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)

Moodle Improper Privilege Management Vulnerability (CVE-2020-25699)

Severity

Medium

Classification

CVE-2011-4296 CWE-264

Tags

Missing Update Known Vulnerabilities