Description

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.

Remediation

References

CVE-2013-2245

Related Vulnerabilities

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-29522)

WordPress 5.6.x PHP Object Injection (5.6 - 5.6.3)

Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6590)

MySQL CVE-2022-21316 Vulnerability (CVE-2022-21316)

WordPress Plugin Authenticator Denial of Service (1.3.0)

Severity

Medium

Classification

CVE-2013-2245 CWE-287

Tags

Missing Update Known Vulnerabilities