Description
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.5)
WordPress Plugin Lightbox Plus Colorbox Cross-Site Scripting (2.7.2)
WebLogic CVE-2022-21257 Vulnerability (CVE-2022-21257)
WordPress Plugin Google Forms Cross-Site Scripting (0.84)
WordPress Plugin Gravity Forms Directory Cross-Site Scripting (3.7.1)