Description
enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Entries For WPForms SQL Injection (1.4.0)
WordPress Plugin Free Live Chat Support Cross-Site Request Forgery (1.0.11)
MySQL CVE-2015-0432 Vulnerability (CVE-2015-0432)
MySQL CVE-2022-21312 Vulnerability (CVE-2022-21312)
WordPress Plugin Latest Posts by BestWebSoft Cross-Site Scripting (0.2)