CVE-2021-21937

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘hostaltfilter’ parameter. This can be done as any authenticated user or through cross-site request forgery...

Fedora 21 : moodle-2.7.5-1.fc21 (2015-1751)

"The following security notifications have now been made public : ====================================================================== ======== MSA-15-0001: Insufficient access check in LTI module Description: Absence of capability check in AJAX backend script could allow any enrolled user to...