Description
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Remediation
References
Related Vulnerabilities
WordPress Plugin Aoi Tori Cross-Site Scripting (1.1)
WordPress Plugin Spam Free WordPress Security Bypass (1.9.2)
MySQL CVE-2018-2761 Vulnerability (CVE-2018-2761)
SharePoint Improper Input Validation Vulnerability (CVE-2019-0957)
b2evolution URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-22840)