Description
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
Remediation
References
Related Vulnerabilities
WordPress Plugin Multiple Roles Cross-Site Request Forgery (1.3.1)
WordPress Plugin Auto Prune Posts Cross-Site Request Forgery (1.8.0)
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-62259)
PHP Other Vulnerability (CVE-2014-4670)
WordPress Plugin Contact Form 7 Database Multiple Vulnerabilities (1.1)