Description
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
Remediation
References
Related Vulnerabilities
Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)
e107 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16388)
WordPress Plugin Backend Localization Multiple Cross-Site Scripting Vulnerabilities (1.6.1)
WordPress Plugin WooCommerce Potential PHP Object Injection (3.4.4)