Description

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.

Remediation

References

CVE-2012-2359

Related Vulnerabilities

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.2)

Oracle JRE CVE-2017-10309 Vulnerability (CVE-2017-10309)

PHP Other Vulnerability (CVE-2002-0081)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-35133)

WordPress Plugin Simple Slider 'New Image' Field Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2012-2359 CWE-264

Tags

Missing Update Known Vulnerabilities