WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle DEPRECATED: Code Vulnerability (CVE-2015-2270)

Description

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.

Remediation

References

Related Vulnerabilities

Joomla! Core 1.7.0 Cross-Site Scripting (1.7.0)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Security Bypass (2.0.21)

WordPress Plugin WL Katalogsok PHP Object Injection (3.5.4)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-32621)

Django Incorrect Default Permissions Vulnerability (CVE-2020-24583)

Severity

Medium

Classification

CVE-2015-2270

Tags

Missing Update Known Vulnerabilities