Description
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-0368 Vulnerability (CVE-2013-0368)
WordPress Other Vulnerability (CVE-2007-0540)
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000394)
WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2694)