Description
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.