CVE-2010-1616

Moodle <1.9.8 - Privilege Escalation

Title source: llm

Description

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

References (4)

Core 4

Core References

Various Sources x_refsource_confirm

http://moodle.org/security/

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1107

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Various Sources x_refsource_misc

http://tracker.moodle.org/browse/MDL-16658

Scores

EPSS 0.0028

EPSS Percentile 51.2%

Details

Status published

Products (19)

moodle/moodle 1.8.1

moodle/moodle 1.8.2

moodle/moodle 1.8.3

moodle/moodle 1.8.4

moodle/moodle 1.8.5

moodle/moodle 1.8.6

moodle/moodle 1.8.7

moodle/moodle 1.8.8

moodle/moodle 1.8.9

moodle/moodle 1.8.10

... and 9 more

Published Apr 29, 2010

Tracked Since Feb 18, 2026