Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

Remediation

References

CVE-2012-2353

Related Vulnerabilities

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)

WordPress Plugin WooCommerce Affiliate-Coupon Affiliates Cross-Site Scripting (4.11.0.1)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42041)

Osclass Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-8084)

Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.11)

Severity

Medium

Classification

CVE-2012-2353 CWE-200

Tags

Missing Update Known Vulnerabilities