Description
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
Remediation
References
Related Vulnerabilities
ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252)
WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4)
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8)
XWiki Missing Authorization Vulnerability (CVE-2022-23617)
WordPress Plugin Simple Link Directory PHP Object Injection (5.5.0)