Description

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

Remediation

References

CVE-2011-4279

Related Vulnerabilities

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-21702)

WordPress Plugin LeagueManager Multiple SQL Injection Vulnerabilities (3.9.1.1)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21)

Oracle JRE Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0422)

WordPress Plugin Daily Prayer Time SQL Injection (2022.02.28)

Severity

Medium

Classification

CVE-2011-4279 CWE-200

Tags

Missing Update Known Vulnerabilities