PT-2010-3286 · Moodle · Moodle

David Mudrák

+1

·

Publicado

2010-04-29

·

Atualizado

2022-05-13

·

CVE-2010-1616

CVSS v2.0

4.0

Média

VetorAV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Moodle versions 1.8.x through 1.9.7
Description The issue allows teachers to create new accounts even if they do not have the moodle/user:create capability, by creating new roles when restoring a course.
Recommendations For Moodle versions 1.8.x through 1.9.7, update to version 1.9.8 or later to resolve the issue.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2010-1616
DSA-2115-1
GHSA-966M-M549-2878

Produtos afetados

Moodle