GHSA-966m-m549-2878, CVE-2010-1616
packagist/moodle/moodle
Moodle is vulnerable to unauthorized new accounts creation
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
All versions starting from 1.8.0 before 1.8.12, all versions starting from 1.9.0 before 1.9.8
Upgrade to versions 1.8.12, 1.9.8 or above.
2024-02-09
source |