Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

Remediation

References

CVE-2012-2353

Related Vulnerabilities

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9457)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-8450)

MySQL CVE-2017-10320 Vulnerability (CVE-2017-10320)

Zope Web Application Server Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2021-32811)

Python Improper Input Validation Vulnerability (CVE-2020-8315)

Severity

Medium

Classification

CVE-2012-2353 CWE-200

Tags

Missing Update Known Vulnerabilities