Description

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

Remediation

References

CVE-2011-4279

Related Vulnerabilities

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7136)

WordPress Plugin Donation Block For PayPal Unspecified Vulnerability (1.0.0)

WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.5)

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.7)

WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)

Severity

Medium

Classification

CVE-2011-4279 CWE-200

Tags

Missing Update Known Vulnerabilities