Description
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server.
Remediation
References
Related Vulnerabilities
TYPO3 Other Vulnerability (CVE-2012-1605)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2016-8612)
ReviveAdserver 7PK - Security Features Vulnerability (CVE-2016-9470)
Oracle JRE CVE-2022-39399 Vulnerability (CVE-2022-39399)
WordPress Plugin WooCommerce-Store Exporter Multiple Cross-Site Scripting Vulnerabilities (1.7.5)