Description
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2013-3751 Vulnerability (CVE-2013-3751)
WordPress Plugin WP FuneralPress Multiple Cross-Site Scripting Vulnerabilities (1.1.6)
Oracle JRE CVE-2013-0441 Vulnerability (CVE-2013-0441)
PHP Other Vulnerability (CVE-2007-1649)
WordPress Plugin Spreadsheet (wpSS) Cross-Site Scripting (0.62)