Description

The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.

Remediation

References

CVE-2012-0798

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3278)

WordPress Plugin Google Doc Embedder SQL Injection (2.5.14)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5498)

WordPress Plugin Modula Image Gallery Cross-Site Scripting (1.3.5)

WordPress Plugin DVS Custom Notification Multiple Cross-Site Request Forgery Vulnerabilities (1.0.1)

Severity

Medium

Classification

CVE-2012-0798 CWE-264

Tags

Missing Update Known Vulnerabilities