Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-28334)

Description

Authenticated users were able to enumerate other users' names via the learning plans page.

Remediation

References

Related Vulnerabilities

WordPress Plugin Keep Backup Daily Unspecified Vulnerability (2.0.3)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7251)

MongoDb Heap-based Buffer Overflow Vulnerability (CVE-2025-0755)

WordPress 'paged' Parameter SQL Injection Vulnerability (2.0.2 - 2.0.5)

WordPress Plugin Sermon Browser Multiple Cross-Site Scripting Vulnerabilities (0.45.15)

Severity

Medium

Classification

CVE-2023-28334 CWE-639 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities