Description
enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.
Remediation
References
Related Vulnerabilities
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-2097)
WordPress Plugin Two Factor Authentication Cross-Site Scripting (1.0.7)
MySQL CVE-2020-14765 Vulnerability (CVE-2020-14765)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Request Forgery (4.4.2)
Internet Information Services Other Vulnerability (CVE-2001-0709)