Description

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.

Remediation

References

CVE-2012-5480

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14718)

MySQL CVE-2023-22058 Vulnerability (CVE-2023-22058)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-1302)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-6262)

WordPress Plugin FreshMail For WordPress Multiple SQL Injection Vulnerabilities (1.5.8)

Severity

Medium

Classification

CVE-2012-5480 CWE-264

Tags

Missing Update Known Vulnerabilities