Description
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Other Vulnerability (CVE-2006-5349)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7913)
WordPress Plugin Spiffy Calendar Cross-Site Scripting (3.2.0)
WordPress Plugin Nextend Twitter Connect Cross-Site Scripting (1.5.1)
WordPress Plugin Product Catalog Privilege Escalation (3.8.1)