Description

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.

Remediation

References

CVE-2011-4309

Related Vulnerabilities

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-0361)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11036)

WordPress Plugin Portfolio Cross-Site Request Forgery (1.0)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.19)

Severity

Medium

Classification

CVE-2011-4309 CWE-264

Tags

Missing Update Known Vulnerabilities