Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

Remediation

References

CVE-2012-2353

Related Vulnerabilities

MySQL CVE-2018-2787 Vulnerability (CVE-2018-2787)

Drupal Core 7.x Remote Code Execution (7.0 - 7.58)

WordPress Plugin Admin Menu Tree Page View Multiple Vulnerabilities (2.6.9)

WordPress Plugin Calendar Event Multi View Security Bypass (1.4.06)

WordPress Plugin Easy Appointments Cross-Site Scripting (1.11.7)

Severity

Medium

Classification

CVE-2012-2353 CWE-200

Tags

Missing Update Known Vulnerabilities