Moodle is vulnerable to privilege escalation attacks. The attacks are possible due to a flaw in the self-enrollment functionality. The flaw allows an authenticated user to leverage a role from teacher to manager level without authorization.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 2.2.0 | |
moodle/moodle | le | 2.1.3 |