Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3176)

Description

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

Remediation

References

CVE-2015-3176

Related Vulnerabilities

Joomla CVE-2012-0836 Vulnerability (CVE-2012-0836)

Apache Tomcat Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4444)

WordPress Plugin Clean Login Cross-Site Request Forgery (1.7.12)

PHP Out-of-bounds Read Vulnerability (CVE-2015-2326)

RubyGems Cryptographic Issues Vulnerability (CVE-2012-2126)

Severity

Medium

Classification

CVE-2015-3176 CWE-200