Description
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.
Remediation
References
Related Vulnerabilities
osTicket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-15580)
WordPress Plugin Download Shortcode Local File Inclusion (0.2.3)
WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Scripting (3.4.8.2)
Resin Application Server Improper Input Validation Vulnerability (CVE-2012-2965)