ID:6870 - Exploit for Permissions, Privileges, and Access Controls in Moodle - CVE-2020-14321

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:6870 - Exploit for Permissions, Privileges, and Access Controls in Moodle - CVE-2020-14321

ID:6870 - Exploit for Permissions, Privileges, and Access Controls in Moodle - CVE-2020-14321

Published: October 12, 2021


Vulnerability identifier: #VU31682
Vulnerability risk: High
CVE-ID: CVE-2020-14321
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
Moodle

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions within ourse enrolments. A remote authenticated attacker with teacher permission can escalate privileges from teacher role into manager role. 


Remediation

Install updates from vendor's website.