Description

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.

Remediation

References

CVE-2012-0792

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-25982)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2019-8158)

Oracle JRE CVE-2013-1487 Vulnerability (CVE-2013-1487)

MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-45363)

WordPress Plugin twitterDash Cross-Site Request Forgery (2.1)

Severity

Medium

Classification

CVE-2012-0792 CWE-200

Tags

Missing Update Known Vulnerabilities