Description

backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.

Remediation

References

CVE-2011-4589

Related Vulnerabilities

e107 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16388)

Oracle Application Server Other Vulnerability (CVE-2006-5365)

WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31779)

WordPress Plugin Keep Backup Daily Cross-Site Scripting (2.0.2)

Severity

Medium

Classification

CVE-2011-4589 CWE-264

Tags

Missing Update Known Vulnerabilities