Description
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
Remediation
References
Related Vulnerabilities
MongoDb Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-20326)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.17)
WordPress Plugin Profile Builder Pro Security Bypass (3.1.0)
Telerik Web UI Inadequate Encryption Strength Vulnerability (CVE-2017-11317)
WordPress Improper Input Validation Vulnerability (CVE-2011-4957)