CVE-2010-1616

Moodle is vulnerable to unauthorized new accounts creation in packagist/moodle/moodle

Identifiers

GHSA-966m-m549-2878, CVE-2010-1616

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle is vulnerable to unauthorized new accounts creation

Description

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

Affected Versions

All versions starting from 1.8.0 before 1.8.12, all versions starting from 1.9.0 before 1.9.8

Solution

Upgrade to versions 1.8.12, 1.9.8 or above.

Last Modified

2024-02-09

source