Vulnerability CVE-2020-14321


Published: 2022-08-16

Description:
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.

See advisories in our WLB2 database:
Topic
Author
Date
High
Moodle 3.9 Remote Code Execution
lanz
06.08.2021
Med.
Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution
h00die
12.10.2021

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

 References:
https://moodle.org/mod/forum/discuss.php?d=407393

Copyright 2024, cxsecurity.com

 

Back to Top