Description

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories.

Remediation

References

CVE-2018-10890

Related Vulnerabilities

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Multiple Vulnerabilities (5.5.3)

WordPress Plugin ClickDesk Live Support-Live Chat-Help Desk Cross-Site Scripting (4.2)

WordPress Plugin Contact Form DB Cross-Site Scripting (2.10.29)

Jboss EAP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-3878)

Moodle Improper Input Validation Vulnerability (CVE-2017-2576)

Severity

Medium

Classification

CVE-2018-10890 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities