Description

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

Remediation

References

CVE-2011-4288

Related Vulnerabilities

MySQL Other Vulnerability (CVE-1999-1188)

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7)

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17316)

Oracle Application Server CVE-2008-1812 Vulnerability (CVE-2008-1812)

WordPress 3.9.1 Multiple Vulnerabilities (3.9 - 3.9.1)

Severity

Medium

Classification

CVE-2011-4288 CWE-264

Tags

Missing Update Known Vulnerabilities