Description

lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.

Remediation

References

CVE-2011-4296

Related Vulnerabilities

PHP Other Vulnerability (CVE-2003-0861)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29044)

Oracle Application Server CVE-2008-2583 Vulnerability (CVE-2008-2583)

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)

WordPress Plugin Login rebuilder Cross-Site Request Forgery (1.1.3)

Severity

Medium

Classification

CVE-2011-4296 CWE-264

Tags

Missing Update Known Vulnerabilities