Description
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wordfence Security-Firewall & Malware Scan Unspecified Vulnerability (5.3.2)
WordPress Plugin WP Statistics Multiple Unspecified Vulnerabilities (9.6.5)
WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4338)
MySQL CVE-2012-0578 Vulnerability (CVE-2012-0578)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-20330)