Description
In Moodle, insufficient capability checks could allow users with the ability to restore courses to add additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in Moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.
Remediation
References