6.5
CVSSv2

CVE-2011-4295

Published: 16/07/2012 Updated: 16/07/2012
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x prior to 2.0.4 and 2.1.x prior to 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment.

Affected Products

Vendor Product Versions
MoodleMoodle2.0, 2.0.1, 2.0.2, 2.0.3, 2.1