Description
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.
Remediation
References
Related Vulnerabilities
WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-17195)
WordPress Plugin NextGEN Gallery-WordPress Gallery 'nggallery-manage-gallery' HTML Injection (0.96)
WordPress Plugin Advanced Popups Cross-Site Request Forgery (1.1.1)
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)