Description
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
Remediation
References
Related Vulnerabilities
Django Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33571)
WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)
Squid Improper Certificate Validation Vulnerability (CVE-2023-46724)
WordPress Plugin WooCommerce OpenPOS Arbitrary File Deletion (6.4.4)
WordPress Plugin Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)