Description
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
Remediation
References
Related Vulnerabilities
WordPress Plugin XforWooCommerce Security Bypass (1.6.4)
OpenSSL Cryptographic Issues Vulnerability (CVE-2012-2686)
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3)
WebLogic CVE-2010-4453 Vulnerability (CVE-2010-4453)
WordPress Plugin WP RSS Multi Importer Multiple Cross-Site Request Forgery Vulnerabilities (3.11)