Description
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21311 Vulnerability (CVE-2022-21311)
WordPress Plugin BSK PDF Manager SQL Injection (3.1.1)
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9514)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2488)
Oracle JRE Acceptance of Extraneous Untrusted Data With Trusted Data Vulnerability (CVE-2024-21094)