Description

Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.

Remediation

References

CVE-2011-4583

Related Vulnerabilities

MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-43281)

WordPress Plugin N5 Upload Form Arbitrary File Upload (1.0)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (4.7.4)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.5)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Unspecified Vulnerability (2.1.8)

Severity

Medium

Classification

CVE-2011-4583 CWE-264

Tags

Missing Update Known Vulnerabilities