Description

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

Remediation

References

CVE-2010-1616

Related Vulnerabilities

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

WordPress Plugin Fluid Responsive Slideshow Multiple Vulnerabilities (2.2.6)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42130)

Internet Information Services Other Vulnerability (CVE-2003-0223)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2012-4557)

Severity

Medium

Classification

CVE-2010-1616

Tags

Missing Update Known Vulnerabilities