Description

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.

Remediation

References

CVE-2011-4289

Related Vulnerabilities

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4466)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.56)

MySQL CVE-2016-5437 Vulnerability (CVE-2016-5437)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4997)

WordPress 'comment_post_ID' Parameter SQL Injection Vulnerability (3.0.4)

Severity

Medium

Classification

CVE-2011-4289 CWE-264

Tags

Missing Update Known Vulnerabilities