Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-28336)

Description

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

Remediation

References

Related Vulnerabilities

Apache HTTP Server Double Free Vulnerability (CVE-2026-23918)

Oracle Application Server Resource Management Errors Vulnerability (CVE-2007-2120)

Sqlite Use After Free Vulnerability (CVE-2021-20227)

WordPress Plugin WP Fastest Cache Unspecified Vulnerability (0.8.8.5)

WordPress Plugin WP-Spreadplugin Multiple Vulnerabilities (4.4.4)

Severity

Medium

Classification

CVE-2023-28336 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities