Description
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2018-2629 Vulnerability (CVE-2018-2629)
Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9947)
Oracle Database Server CVE-2007-3854 Vulnerability (CVE-2007-3854)
WordPress Plugin White Label CMS PHP Object Injection (2.4)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1578)