Description
A vulnerability was found in Moodle where users with the "Log in as" capability in a course context (typically course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects Moodle versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. It is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Remediation
References