
CVE-2020-25701: Privilege Escalation in Moodle

CVSS Score (v3.1): 5.3

Basic Information

EPSS Score: 0.56406%
Published: 3/29/2021
Updated: 9/12/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name   | Ecosystem | Vulnerable Versions  | First Patched Version
moodle/moodle  | composer  | >= 3.9.0, < 3.9.3    | 3.9.3
moodle/moodle  | composer  | >= 3.8.0, < 3.8.6    | 3.8.6
moodle/moodle  | composer  | >= 3.7.0, < 3.7.9    | 3.7.9
moodle/moodle  | composer  | >= 3.5, < 3.5.15     | 3.5.15

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the enrollment-processing logic in process_enrolment_data() shown in the commit diff. The original code would:

  1. Attempt to delete non-existent enrollment methods, creating them first if they were missing
  2. Enable methods when asked to disable or delete them, if they did not already exist
  3. Lack proper state validation before modifying the enrollment status

The patched version adds a proper existence check (line 983: 'if ($instance)') and separates the creation logic from the status-update logic, indicating that the vulnerability lay in how the function handled non-existent enrollment methods during delete and disable operations. The CWE-863 mapping confirms this is an authorization flaw: a deletion attempt could improperly escalate privileges by creating an unwanted, active enrollment method.
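As an added example (not Moodle's code and not the commit the analysis refers to), the following constructed PHP model contrasts the vulnerable flow described above with the patched one. $enrol is a hypothetical stand-in map of method name to status, $row stands for one uploaded course line, and only the two real Moodle status constants are reused.

```php
<?php
// Constructed model of the upload-course enrolment step, not Moodle's own code.
// Only Moodle's two real status constants are reused; the rest is a stand-in.
const ENROL_INSTANCE_ENABLED  = 0;
const ENROL_INSTANCE_DISABLED = 1;
// Vulnerable flow as the root cause analysis describes it: a missing instance is
// created (active) before the delete/disable branch, and that branch only acts on
// the pre-creation lookup, so the fresh instance is left enabled.
function process_enrolment_vulnerable(array $enrol, array $row): array
{
    $method   = $row['method'];
    $existing = $enrol[$method] ?? null;           // looked up before creation
    if ($existing === null) {
        $enrol[$method] = ENROL_INSTANCE_ENABLED;  // created, and already active
    }
    if ($existing !== null) {                      // only pre-existing instances
        if (!empty($row['delete'])) {
            unset($enrol[$method]);
        } elseif (!empty($row['disable'])) {
            $enrol[$method] = ENROL_INSTANCE_DISABLED;
        }
    }
    return $enrol;
}
// Patched flow: existence is checked first ('if ($instance)'), and an instance
// is only created when the row explicitly asks for an enabled method.
function process_enrolment_fixed(array $enrol, array $row): array
{
    $method   = $row['method'];
    $instance = array_key_exists($method, $enrol);
    if (!empty($row['delete']) || !empty($row['disable'])) {
        if ($instance) {                           // nothing to act on otherwise
            if (!empty($row['delete'])) {
                unset($enrol[$method]);
            } else {
                $enrol[$method] = ENROL_INSTANCE_DISABLED;
            }
        }
        return $enrol;                             // delete/disable never creates
    }
    $enrol[$method] = ENROL_INSTANCE_ENABLED;      // explicit enable/create request
    return $enrol;
}
// Constructed input: a course with only manual enrolment, plus a row asking to
// delete the absent self-enrolment method.
$course = ['manual' => ENROL_INSTANCE_ENABLED];
$row    = ['method' => 'self', 'delete' => true];
echo "vulnerable: ", json_encode(process_enrolment_vulnerable($course, $row)), PHP_EOL;
echo "fixed:      ", json_encode(process_enrolment_fixed($course, $row)), PHP_EOL;
```

Running it shows the vulnerable path adding an enabled self method that the row asked to delete, while the fixed path leaves the course unchanged.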


WAF Protection Rules

WAF Rule

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. V…
