8 matches found
EUVD-2021-0714
Malware in sbrugna...
Improper Access Control in moodle
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier...
UBUNTU-CVE-2020-25698
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier...
PT-2022-5977 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A vulnerability exists in Moodle due to insufficient validation of the HTTP request origin in course redirect URL. This allows a remote attacker to trick a victim into visiting a specially...
PT-2020-16161 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: moodle versions 3.5 to 3.5.14 moodle versions 3.7 to 3.7.8 moodle versions 3.8 to 3.8.5 moodle versions 3.9 to 3.9.2 Description: Insufficient capability checks in moodle could lead to users with the ability to course restore adding additiona...
CVE-2010-1616
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability...
Security feature bypass
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability...
CVE-2010-1616
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability...