First published: Sat Jul 21 2012(Updated: )
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | =2.0.0 | |
Moodle Moodle | =2.0.1 | |
Moodle Moodle | =2.0.2 | |
Moodle Moodle | =2.0.3 | |
Moodle Moodle | =2.0.4 | |
Moodle Moodle | =2.0.5 | |
Moodle Moodle | =2.0.6 | |
Moodle Moodle | =2.0.7 | |
Moodle Moodle | =2.0.8 | |
Moodle Moodle | =2.1.0 | |
Moodle Moodle | =2.1.1 | |
Moodle Moodle | =2.1.2 | |
Moodle Moodle | =2.1.3 | |
Moodle Moodle | =2.1.4 | |
Moodle Moodle | =2.1.5 | |
Moodle Moodle | =2.2.0 | |
Moodle Moodle | =2.2.1 | |
Moodle Moodle | =2.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.