Unenforced Capability
Moodle has unenforced capabilities. The moodle/site:accessallgroups capability isn't enforced for outside-group users in the SEPARATEGROUPS configuration. Leveraging this flaw, authenticated attackers can perform "login as" actions through a direct request...
Privilege Escalation
Moodle is vulnerable to privilege escalation attacks. The attacks are possible because the permission checks for teachers are not properly handled, allowing any authenticated user with the teacher role but without the accessallgroups capability to post any arbitrary groups...
CVE-2014-0009
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated use...