Description
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2009-0983 Vulnerability (CVE-2009-0983)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5342)
WordPress Plugin WP-PostRatings Cross-Site Scripting (1.86)
Oracle Database Server CVE-2012-0525 Vulnerability (CVE-2012-0525)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)