Description

Moodle 3.x has user fullname disclosure on the user preferences page.

Remediation

References

CVE-2017-2642

Related Vulnerabilities

WordPress Plugin WordPress Ping Optimizer Cross-Site Request Forgery (2.35.1.2.3)

WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5)

WordPress Plugin Simple Mail Address Encoder Cross-Site Scripting (1.6.1)

PHP Improper Input Validation Vulnerability (CVE-2014-3487)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1499)

Severity

Medium

Classification

CVE-2017-2642 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities