Description
comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.
Remediation
References
Related Vulnerabilities
Magento Improper Authentication Vulnerability (CVE-2019-8108)
WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.5)
WordPress Plugin Total Sales For Woocommerce Cross-Site Scripting (1.1)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37150)
WordPress Plugin HDW WordPress Video Gallery Multiple Cross-Site Scripting Vulnerabilities (1.2)