Description
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
Remediation
References
Related Vulnerabilities
Seo Panel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-22643)
Phusion Passenger Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-10345)
WordPress Plugin Broken Link Manager Multiple Vulnerabilities (0.4.5)
WordPress Plugin WordPress Infinite Scroll-Ajax Load More Unspecified Vulnerability (2.11.0)