The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| moodle/moodle(Packagist) | 2.7 | 2.7.14 | N/A |
| moodle/moodle(Packagist) | 2.8 | 2.8.12 | N/A |
| moodle/moodle(Packagist) | 2.9 | 2.9.6 | N/A |
| moodle/moodle(Packagist) | 3.0 | 3.0.4 | N/A |
CVSS Metrics
