Description

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

Remediation

References

CVE-2015-3177

Related Vulnerabilities

WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)

MySQL CVE-2018-2759 Vulnerability (CVE-2018-2759)

WordPress 5.3.x PHP Object Injection (5.3 - 5.3.7)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-31618)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2011-2526)

Severity

Low

Classification

CVE-2015-3177

Tags

Missing Update Known Vulnerabilities