Description

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

Remediation

References

CVE-2010-1616

Related Vulnerabilities

Squid Reachable Assertion Vulnerability (CVE-2023-49286)

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Cross-Site Scripting (1.7.9)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9046)

WordPress Plugin WP No External Links Cross-Site Scripting (3.5.18)

Severity

Medium

Classification

CVE-2010-1616

Tags

Missing Update Known Vulnerabilities