Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. moodle/moodle
  4. ›
  5. CVE-2010-1616

CVE-2010-1616: Moodle is vulnerable to unauthorized new accounts creation

May 13, 2022 (updated February 7, 2024)

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

References

  • lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
  • moodle.org/security/
  • tracker.moodle.org/browse/MDL-16658
  • www.vupen.com/english/advisories/2010/1107
  • github.com/advisories/GHSA-966m-m549-2878
  • github.com/moodle/moodle/commit/55f5b2e8b84e6390c0917195d01a3b34c33ff398
  • github.com/moodle/moodle/commit/5d9ab024ac9c311c84716628cce9a124173a2e8b
  • github.com/moodle/moodle/commit/5e934890c9fbe28bf89362d3eb6140208b5e3464
  • github.com/moodle/moodle/commit/b0ccfc5ce87f09d4df814b057f5e6820d37fdad1
  • github.com/moodle/moodle/commit/d8ada21339ecc147eccaaae97678f5368ac05f8b
  • nvd.nist.gov/vuln/detail/CVE-2010-1616

Code Behaviors & Features

Detect and mitigate CVE-2010-1616 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 1.8.0 before 1.8.12, all versions starting from 1.9.0 before 1.9.8

Fixed versions

  • 1.8.12
  • 1.9.8

Solution

Upgrade to versions 1.8.12, 1.9.8 or above.

Impact 4 MEDIUM

AV:N/AC:L/Au:S/C:N/I:P/A:N

Learn more about CVSS

Source file

packagist/moodle/moodle/CVE-2010-1616.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:17 +0000.