Description
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.
Remediation
References
Related Vulnerabilities
Sqlite Out-of-bounds Write Vulnerability (CVE-2020-15358)
WordPress Plugin EventON Cross-Site Scripting (3.0.5)
Moodle CVE-2022-30598 Vulnerability (CVE-2022-30598)
WordPress Plugin HDInvoice-Create Invoices Arbitrary File Upload (0.1)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1499)