Description
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2021-35620 Vulnerability (CVE-2021-35620)
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)
WordPress Plugin Centrora Security Multiple Vulnerabilities (6.5.6)
MySQL CVE-2019-2796 Vulnerability (CVE-2019-2796)
MediaWiki Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-44856)