Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4303)

Description

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.

Remediation

References

CVE-2009-4303

Related Vulnerabilities

Python Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9287)

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6144)

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-29450)

Oracle Database Server CVE-2019-2776 Vulnerability (CVE-2019-2776)

Oracle JRE CVE-2017-10388 Vulnerability (CVE-2017-10388)

Severity

Medium

Classification

CVE-2009-4303 CWE-200