Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Privilege Management Vulnerability (CVE-2020-25699)

Description

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.

Remediation

References

Related Vulnerabilities

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2014-0118)

WordPress Plugin WatchMan-Site7 Cross-Site Request Forgery (3.0.2)

WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (4.4.3)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-4315)

WordPress Plugin WORDPRESS VIDEO GALLERY Multiple Vulnerabilities (2.3.1)

Severity

High

Classification

CVE-2020-25699 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities