Description
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
Remediation
References
Related Vulnerabilities
WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)
WordPress Plugin Fluid Responsive Slideshow Multiple Vulnerabilities (2.2.6)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42130)
Internet Information Services Other Vulnerability (CVE-2003-0223)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2012-4557)