Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

Remediation

References

CVE-2012-2353

Related Vulnerabilities

MySQL CVE-2016-0642 Vulnerability (CVE-2016-0642)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17293)

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20030)

WordPress Plugin Simple Membership Security Bypass (3.8.5)

WordPress Plugin Event Espresso Lite-Event Management and Registration System SQL Injection (3.1.37.12)

Severity

Medium

Classification

CVE-2012-2353 CWE-200

Tags

Missing Update Known Vulnerabilities