Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)

Description

Insufficient capability checks made it possible for teachers to download users outside of their courses.

Remediation

References

Related Vulnerabilities

GlassFish CVE-2017-10385 Vulnerability (CVE-2017-10385)

WordPress Plugin HashThemes Demo Importer Security Bypass (1.1.1)

MySQL CVE-2016-3486 Vulnerability (CVE-2016-3486)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.13)

Contao Key Management Errors Vulnerability (CVE-2019-10643)

Severity

Medium

Classification

CVE-2021-40692 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities