Description

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

Remediation

References

CVE-2020-25698

Related Vulnerabilities

WordPress Plugin WooCommerce Security Bypass (4.6.1)

WordPress Plugin Shopp Multiple Vulnerabilities (1.0.17)

MySQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0709)

WordPress Plugin RestroPress-Online Food Ordering System Cross-Site Request Forgery (2.8.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2031)

Severity

High

Classification

CVE-2020-25698 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities