Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.

Remediation

References

CVE-2012-2354

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5230)

WordPress Plugin SEO by Squirrly SEO Multiple Unspecified Vulnerabilities (6.1.4)

Oracle Database Server CVE-2016-0467 Vulnerability (CVE-2016-0467)

Oracle Database Server CVE-2006-5339 Vulnerability (CVE-2006-5339)

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)

Severity

Medium

Classification

CVE-2012-2354 CWE-264

Tags

Missing Update Known Vulnerabilities