Description

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.

Remediation

References

CVE-2012-0799

Related Vulnerabilities

Drupal Core 9.2.x Multiple Security Bypass Vulnerabilities (9.2.0 - 9.2.5)

Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-15225)

Jetty Weak Authentication Vulnerability (CVE-2023-41900)

Moodle 7PK - Security Features Vulnerability (CVE-2015-5331)

MySQL CVE-2021-2032 Vulnerability (CVE-2021-2032)

Severity

Medium

Classification

CVE-2012-0799 CWE-200

Tags

Missing Update Known Vulnerabilities