Description

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.

Remediation

References

CVE-2011-4309

Related Vulnerabilities

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.8.6)

WordPress Other Vulnerability (CVE-2016-2221)

MySQL CVE-2020-14568 Vulnerability (CVE-2020-14568)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-25695)

PHP Other Vulnerability (CVE-2007-1888)

Severity

Medium

Classification

CVE-2011-4309 CWE-264

Tags

Missing Update Known Vulnerabilities