Description

lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.

Remediation

References

CVE-2011-4296

Related Vulnerabilities

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (4.6.0.3)

Oracle Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-0275)

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Cross-Site Scripting (3.2.15)

SharePoint CVE-2021-31171 Vulnerability (CVE-2021-31171)

WordPress Plugin Image Widget Unspecified Vulnerability (4.1.2)

Severity

Medium

Classification

CVE-2011-4296 CWE-264

Tags

Missing Update Known Vulnerabilities