Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2019-3849

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

  • Published: Mar 26, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-3849
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
moodle / moodle 3.5.0 3.5.5
moodle / moodle 3.6.0 3.6.3
moodle / moodle - 3.4.8