4 matches found
Capability Bypass
Moodle is vulnerable to capability bypass. Authenticated attackers can bypass the mod/lti:view capability because it is checked only at the course level rather than at the activity level...
Unauthorized Calendar Modification
Moodle is vulnerable to unauthorized calendar modification. The application does not check capabilities for editing the calendar, allowing a malicious user to delete course-level calendar subscriptions created by teacher users...
CVE-2014-7832
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by...
CVE-2014-7832
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by...