lib/db/access.php in Moodle 2.0.x prior to 2.0.4 and 2.1.x prior to 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.0.2 |
||
moodle moodle 2.0.1 |
||
moodle moodle 2.0.3 |
||
moodle moodle 2.0.0 |
||
moodle moodle 2.1.0 |