grade/edit/outcome/edit_form.php in Moodle 1.9.x up to and including 1.9.19, 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 1.9.16 |
||
moodle moodle 1.9.8 |
||
moodle moodle 1.9.6 |
||
moodle moodle 1.9.12 |
||
moodle moodle 1.9.10 |
||
moodle moodle 1.9.9 |
||
moodle moodle 1.9.17 |
||
moodle moodle 1.9.18 |
||
moodle moodle 1.9.7 |
||
moodle moodle 1.9.15 |
||
moodle moodle 1.9.4 |
||
moodle moodle 1.9.11 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.9.14 |
||
moodle moodle 1.9.1 |
||
moodle moodle 1.9.3 |
||
moodle moodle 1.9.5 |
||
moodle moodle 1.9.13 |
||
moodle moodle 2.1.0 |
||
moodle moodle 2.1.4 |
||
moodle moodle 2.1.7 |
||
moodle moodle 2.1.8 |
||
moodle moodle 2.1.9 |
||
moodle moodle 2.1.2 |
||
moodle moodle 2.1.1 |
||
moodle moodle 2.1.3 |
||
moodle moodle 2.1.5 |
||
moodle moodle 2.1.6 |
||
moodle moodle 2.2.3 |
||
moodle moodle 2.2.1 |
||
moodle moodle 2.2.4 |
||
moodle moodle 2.2.6 |
||
moodle moodle 2.2.5 |
||
moodle moodle 2.2.0 |
||
moodle moodle 2.2.2 |
||
moodle moodle 2.3.2 |
||
moodle moodle 2.3.1 |
||
moodle moodle 2.3.3 |
||
moodle moodle 2.3.0 |
||
moodle moodle 2.4.0 |