Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Moodle LTI模块权限许可和访问控制问题漏洞
Vulnerability Description
Moodle是澳大利亚马丁-多基马(Martin Dougiamas)博士开发的一套免费、开源的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。LTI是其中的一个学习工具组件。 Moodle的LTI模块中的mod/lti/launch.php脚本存在安全漏洞,该漏洞源于程序没有对活动等级实施访问控制。远程攻击者可通过读取活动实例利用该漏洞绕过mod/lti:view功能限制。以下版本受到影响:Moodle 2.4.11及之前版本,2.5.9之前2.5.x版本,2.6.6之前2.6.x版本,
CVSS Information
N/A
Vulnerability Type
N/A