Description

The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.

Remediation

References

CVE-2009-4298

Related Vulnerabilities

IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-3018)

WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.1)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4975)

ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3013)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1581)

Severity

Medium

Classification

CVE-2009-4298 CWE-200

Tags

Missing Update Known Vulnerabilities