Description
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.
Remediation
References
Related Vulnerabilities
Magento Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2019-8154)
WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.7)
WordPress Plugin Olevmedia Shortcodes Multiple Cross-Site Scripting Vulnerabilities (1.1.9)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1133)