Description
lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Pipes Unspecified Vulnerability (1.28)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9933)
Oracle Database Server CVE-2006-0266 Vulnerability (CVE-2006-0266)
WordPress Plugin Theme Blvd Sliders Multiple Security Bypass Vulnerabilities (1.2.3)