CVE-2019-10187 in Moodle
Summary
by MITRE
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 09/08/2025
The vulnerability identified as CVE-2019-10187 represents a critical access control flaw within the Moodle learning management system that affects versions prior to 3.7.1, 3.6.5, and 3.5.7. This issue stems from inadequate authorization checks within the glossary module's deletion functionality, creating a path for privilege escalation that allows malicious users to bypass normal access restrictions. The flaw specifically targets users who possess the legitimate permission to delete entries from glossaries, but through improper implementation of access validation mechanisms, these users can extend their deletion capabilities beyond their intended scope.
The technical nature of this vulnerability falls under CWE-284, which categorizes improper access control issues where insufficient authorization checks allow users to perform actions beyond their granted permissions. In the context of Moodle's glossary module, the system fails to properly verify whether a user attempting to delete a glossary entry has legitimate access rights to the specific glossary containing that entry. This represents a classic case of insufficient input validation and access control enforcement, where the application trusts the user's reported glossary context without proper verification against the user's actual permissions and access rights.
The operational impact of this vulnerability extends beyond simple data integrity concerns, as it creates potential for unauthorized data manipulation and information disclosure within educational institutions using Moodle. Attackers could exploit this flaw to delete glossary entries from other users' glossaries, potentially removing important educational content, disrupting learning activities, or even destroying evidence of student work. The vulnerability is particularly concerning in institutional environments where multiple users with varying permission levels collaborate within the same system, as it could enable malicious actors to systematically target specific users' educational materials or create confusion through unauthorized deletions.
From an adversarial perspective, this vulnerability aligns with ATT&CK technique T1078 which covers valid accounts usage and privilege escalation through legitimate access. An attacker with minimal permissions could leverage this flaw to gain broader access to educational content across different user contexts, effectively expanding their attack surface without requiring additional credentials or complex exploitation techniques. The remediation strategy involves implementing proper access control validation mechanisms that verify user permissions against the specific glossary context before allowing deletion operations. Organizations should ensure that all glossary deletion operations include comprehensive permission checks that confirm the user has explicit access rights to the target glossary, rather than relying solely on the user's reported context or session information. This vulnerability highlights the critical importance of robust access control implementation in educational platforms where multiple users with varying permissions interact within shared systems, emphasizing that even seemingly minor permission gaps can create significant security risks in collaborative environments.