CVE-2019-3849

Summary

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]moodle3.6.3affected
[UNKNOWN]moodle3.5.5affected
[UNKNOWN]moodle3.4.8affected

Weaknesses

  • CWE-285: CWE-285

ADP Enrichment

CVE Program Container

Additional References

References