Description
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.
Remediation
References