Description
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Email Log SQL Injection (2.4.6)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)
WordPress Plugin Backup Migration Information Disclosure (1.2.8)
WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)
WordPress Plugin NextGEN Gallery-WordPress Gallery SQL Injection (3.2.10)