Description
A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.
Remediation
References
Related Vulnerabilities
Moodle 7PK - Security Features Vulnerability (CVE-2015-5331)
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9014)
Oracle Database Server CVE-2014-6542 Vulnerability (CVE-2014-6542)
WordPress Plugin Advanced Shipping Validation for WooCommerce Cross-Site Scripting (1.0.0)
WordPress Plugin SendPress Newsletters Security Bypass (1.2.10.20)