Description
blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed.