Description
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
Remediation
References
Related Vulnerabilities
WordPress 4.1.x Cross-Site Scripting Vulnerability (4.1 - 4.1.8)
Magento CVE-2019-8144 Vulnerability (CVE-2019-8144)
WordPress Plugin FourSquare Checkins Cross-Site Request Forgery (1.2)
WordPress Other Vulnerability (CVE-2006-4743)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-1849)