Description
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium 'get_profile_avatar.php' SQL Injection (0.64)
OpenSSL Use of Insufficiently Random Values Vulnerability (CVE-2019-1549)
Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-3426)
WordPress Plugin Advanced Search Cross-Site Scripting (1.1.2)