Moodle is vulnerable to ignored context locking. The functions get_with_capability_join
and get_users_by_capability
do not take the context locking feature into account when considering user capability.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 3.5.4 | |
moodle/moodle | le | 3.4.7 | |
moodle/moodle | le | 3.6.2 |