Description
backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.
Remediation
References
Related Vulnerabilities
WordPress Plugin Better User Shortcodes Multiple Cross-Site Scripting Vulnerabilities (1.0)
Oracle JRE CVE-2014-0464 Vulnerability (CVE-2014-0464)
WordPress Plugin WP GitHub Tools Cross-Site Scripting (1.4.4)
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-0367)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-39126)