Permissions, Privileges, and Access Controls in Moodle - CVE-2020-25701

 

Published: November 16, 2020


Vulnerability identifier: #VU48447
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-25701
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Moodle
Software vendor:
moodle.org

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists in the tool_uploadcourse function. If the upload course tool was used to delete an enrolment method which did not exist or was not already enabled, the tool would erroneously enable that enrolment method. This could lead to unintended users gaining access to the course.


Remediation

Install updates from the vendor's website.
