A vulnerability was found in moodle prior to 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle |