Description

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

Remediation

References

CVE-2010-1617

Related Vulnerabilities

WordPress Plugin Realteo Multiple Vulnerabilities (1.2.3)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Cross-Site Scripting (5.0.2)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9852)

WordPress Plugin WP Booking System Multiple Vulnerabilities (1.5.1)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2068)

Severity

Medium

Classification

CVE-2010-1617 CWE-264

Tags

Missing Update Known Vulnerabilities