CVE-2020-14321

CVE-2020-14321 affects Moodle where, in versions before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, a teacher can assign themselves the course manager role, enabling privilege escalation. This can lead to broader access and, in chained exploits, remote code execution (RCE) via subsequent actions (e.g., lever...

PT-2022-8563 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.9.1 Moodle versions prior to 3.8.4 Moodle versions prior to 3.7.7 Moodle versions prior to 3.5.13 Description: The issue allows teachers of a course to assign themselves the manager role within that course...