Description
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
Remediation
References
Related Vulnerabilities
MySQL CVE-2023-22058 Vulnerability (CVE-2023-22058)
WordPress Plugin Simple Job Board Cross-Site Scripting (2.4.3)
Oracle JRE CVE-2018-2633 Vulnerability (CVE-2018-2633)
WordPress Plugin Easy Social Feed-Social Photos Gallery-Post Feed-Like Box Security Bypass (6.3.3)
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)