Description
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
Remediation
References
Related Vulnerabilities
WordPress Plugin File Manager Arbitrary File Upload (6.8)
WordPress Plugin WebP Express Cross-Site Scripting (0.14.4)
Drupal Improper Input Validation Vulnerability (CVE-2013-6389)
MySQL Integer Overflow or Wraparound Vulnerability (CVE-2017-3599)
WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)