A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NMoodle
APPMoodle3.5.0 – 3.5.73.6.0 – 3.6.53.7.0 – 3.7.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-33999CRITICAL9.8PL ✓ten sam produkt
Moodle MFA — niewystarczająca sanityzacja URL referrer
CVE-2023-28333CRITICAL9.8ten sam produkt
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This ...
CVE-2021-36392CRITICAL9.8ten sam produkt
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVE-2021-36393CRITICAL9.8ten sam produkt
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVE-2021-36394CRITICAL9.8ten sam produkt
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.