Vulnerabilities > Moodle > Moodle > 3.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-19 | CVE-2020-25700 | SQL Injection vulnerability in multiple products In moodle, some database module web services allowed students to add entries within groups they did not belong to. | 6.5 |
| 2020-11-19 | CVE-2020-25699 | Incorrect Authorization vulnerability in multiple products In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. | 7.5 |
| 2020-11-19 | CVE-2020-25698 | Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. | 7.5 |