Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2353)

Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

Remediation

References

CVE-2012-2353

Related Vulnerabilities

WordPress Plugin SecuPress Pro Security Bypass (1.4.12)

WordPress Plugin WordApp Mobile App-Convert your WordPress Site to a Mobile App Cross-Site Scripting (2.0.3)

MySQL CVE-2021-35610 Vulnerability (CVE-2021-35610)

WordPress Plugin WooCommerce Security Bypass (4.6.1)

b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901)

Severity

Medium

Classification

CVE-2012-2353 CWE-200