Description

The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.

Remediation

References

CVE-2009-4298

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14884)

Jenkins Inadequate Encryption Strength Vulnerability (CVE-2017-2598)

Oracle Database Server CVE-2010-0870 Vulnerability (CVE-2010-0870)

WordPress Other Vulnerability (CVE-2006-1796)

Oracle JRE CVE-2014-2427 Vulnerability (CVE-2014-2427)

Severity

Medium

Classification

CVE-2009-4298 CWE-200

Tags

Missing Update Known Vulnerabilities