Description

lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.

Remediation

References

CVE-2011-4296

Related Vulnerabilities

WordPress Plugin Testimonial-Best Testimonial Slider Cross-Site Scripting (2.1.6)

GeoServer Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-51444)

WordPress Plugin WP Statistics Multiple Unspecified Vulnerabilities (9.6.5)

WordPress Plugin My Tickets Cross-Site Request Forgery (1.9.10)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8623)

Severity

Medium

Classification

CVE-2011-4296 CWE-264

Tags

Missing Update Known Vulnerabilities