A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and previous versions unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle |