Description
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
Remediation
References
Related Vulnerabilities
WordPress Plugin MyBlogU Cross-Site Scripting (0.0.7)
Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)
WordPress Plugin Link Library SQL Injection (5.9.13.26)
Joomla Cryptographic Issues Vulnerability (CVE-2008-4122)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1598)