Description

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.

Remediation

References

CVE-2012-2359

Related Vulnerabilities

WordPress Plugin Redirect 404 Error Page to Homepage or Custom Page with Logs Cross-Site Request Forgery (1.7.8)

WordPress Plugin LB Tube Video for WordPress Cross-Site Scripting (1.0)

WordPress Plugin Email Verification for WooCommerce Unspecified Vulnerability (1.8.1)

CubeCart Improper Input Validation Vulnerability (CVE-2012-0865)

Drupal Improper Input Validation Vulnerability (CVE-2016-9452)

Severity

Medium

Classification

CVE-2012-2359 CWE-264

Tags

Missing Update Known Vulnerabilities