Description

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.

Remediation

References

CVE-2011-4289

Related Vulnerabilities

WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-17195)

Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-45612)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'nggallery-manage-gallery' HTML Injection (0.96)

WordPress Plugin Advanced Popups Cross-Site Request Forgery (1.1.1)

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)

Severity

Medium

Classification

CVE-2011-4289 CWE-264

Tags

Missing Update Known Vulnerabilities