-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 2.6.0, < 2.6.3 | 2.6.3 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from the absence of a capability check in enrol/index.php. The patch adds a check using has_capability() to prevent unauthorized access. The original code lacked this check, making the main script in enrol/index.php the entry point for the vulnerability. The script directly handles course enrollment page logic, and the missing check allowed guests to view hidden course names and summaries. The commit diff confirms the fix was applied in this file, directly addressing the missing capability check.