Description
Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.
Remediation
References
Related Vulnerabilities
WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2)
Drupal Core 8.5.x Cross-Site Scripting (8.5.0 - 8.5.1)
WordPress Plugin Advanced Advertising System PHP Object Injection (1.3.1)
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.8)
WordPress Plugin Altos Connect Widget Cross-Site Scripting (1.3.0)